MCT USE ONLY.

STUDENT USE PROHIBITED

L1-1

Module 1: Deploying Exchange Server 2016

Lab: Deploying Exchange Server 2016
Exercise 1: Evaluating requirements and prerequisites for an Exchange
Server 2016 installation
Task 1: Evaluate the AD DS requirements
1. On LON-DC1-B, if necessary, on the taskbar, click Server Manager.

2. In Server Manager, click Tools, and then click Active Directory Users and Computers.

3. Right-click Adatum.com, and then click Properties.

4. In the Adatum.com Properties dialog box, verify that the domain and forest functional levels are
compatible with the Exchange Server 2016 requirements. (Note: They should be at least Windows
Server 2008.)

5. Click OK, and then close Active Directory Users and Computers.

6. Click to the Start screen. Type adsiedit.msc, and then press Enter.

7. Right-click ADSI Edit, and then click Connect to.

8. In the Connection Settings dialog box, in the Connection Point section, in the Select a well-
known Naming Context list, click Configuration, and then click OK.
9. In the left pane, expand Configuration [LON-DC1.Adatum.com], and then click
CN=Configuration,DC=Adatum,DC=com.

10. Expand CN=Services, and verify that the CN=Microsoft Exchange has not been created.

11. Close ADSI Edit.

Task 2: Evaluate the DNS requirements

1. On LON-EXCH-B, click Start, and then click Windows PowerShell.

2. In the Windows PowerShell window, type the following command, and then press Enter:

IPConfig /all

3. Verify that the Domain Name System (DNS) server IP address for the Local Area Connection is
172.16.0.10.

4. At the command prompt, type the following command, and then press Enter:

Ping LON-DC1.adatum.com

5. Verify that you have network connectivity with the domain controller.

6. At the command prompt, type Nslookup, and then press Enter.

7. At the command prompt, type the following command, and then press Enter:

set type=all
 MCT USE ONLY. STUDENT USE PROHIBITED
L1-2 Deploying Exchange Server 2016

8. At the command prompt, type _ldap._tcp.dc._msdcs.adatum.com, and then press Enter. Verify that
a service SRV resource record for lon-dc1.adatum.com is returned.
9. Close Windows PowerShell.

Results: After completing this exercise, you should have evaluated the AD DS and DNS, requirements for
deploying Exchange Server 2016.

Exercise 2: Deploying Exchange Server 2016

Task 1: Prepare AD DS for Exchange Server 2016 deployment
1. On LON-DC1-B, in the Virtual Machine Connection window, click the Media menu, select DVD
Drive, and then click Insert Disk.

2. Navigate to D:\Program Files\Microsoft Learning\20345-1\Drives\ExchangeServer2016-

CU5.iso, and then click Open.

3. Click Start and then click Windows PowerShell.

4. In the Windows PowerShell window, type the following command, and then press Enter:

D:

5. Type the following command, and then press Enter:

.\Setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms /OrganizationName:Adatum

6. Wait until the process completes.

Note: If you receive a warning about pending restart, restart the LON-DC1-B computer
and repeat this task.

7. Close Windows PowerShell.

Task 2: Install Exchange Server 2016 on a single server

1. On LON-EXCH-B, in the Virtual Machine Connection window, click the Media menu, select DVD
Drive, and then click Insert Disk.

2. Navigate to D:\Program Files\Microsoft Learning\20345-1\Drives\ExchangeServer2016-

CU5.iso, and then click Open.

3. Open File Explorer.

4. In File Explorer, double-click drive D. Setup launches. If Setup does not launch automatically, double-
click Setup.exe.

5. In the MICROSOFT EXCHANGE SERVER 2016 CUMULATIVE UPDATE 5 SETUP window, select
Don't check for updates right now, and then click next.

6. On the Introduction page, click next.

7. On the License Agreement page, click I accept the terms in the license agreement, and then click
next.

8. On the Recommended Settings page, click next.

 MCT USE ONLY. STUDENT USE PROHIBITED
Administering Microsoft Exchange Server 2016 L1-3

9. On the Server Role Selection page, select Mailbox role, select Automatically install Windows
Server roles and features that are required to install Exchange Server, and then click next.
10. On the Installation Space and Location page, accept the default location, and then click next.

11. On the Malware Protection Settings page ensure that No is selected, and then click next.

12. On the Readiness Checks page, ensure that you do not have any errors listed (some warnings might
appear), and then click install.

Note: If you receive an error on the Readiness Checks page, click retry. If this is
unsuccessful, restart the virtual machine. Sign in as Adatum\administrator with the password
Pa55w.rd and repeat this process from step 3.

13. Verify that the Setup Progress page opens and the installation procedure starts. This procedure will
go through 14 steps. It can take up to 60-75 minutes to complete, depending on your computer’s
performance.

14. Once installation completes, on the Setup Completed page, select Launch Exchange
Administration Center after finishing Exchange setup, and then click Finish.

15. Verify that Microsoft Internet Explorer opens automatically to the Exchange Admin Center page.

16. Sign in as Adatum\Administrator with the password Pa55w.rd.

17. Ensure that you are signed in successfully to the Exchange Admin Center.

Note: If you get a Request time out error during first sign in, refresh the page and try
again.

Task 3: Verify Exchange Server installation

1. On LON-EXCH-B, open the Server Manager console, and then click Tools.
2. Select Services.

3. Scroll down the list of services, and then click the Microsoft Exchange Active Directory Topology
service.
4. Review the service description.

5. Review the status of the remaining Exchange Server services. Ensure that all services that are set for
Automatic startup are running.

Note: You might see that Microsoft Exchange Notifications Broker service is not running.
You can ignore this.

6. Close Services.
7. On the desktop, on the taskbar, click the File Explorer icon.

8. Browse to C:\Program Files\Microsoft\Exchange Server\V15. This list of folders includes

ClientAccess, Mailbox, and TransportRoles. These roles were installed as part of the typical setup.

9. Close File Explorer.

10. On the taskbar, click the Internet Explorer icon.

 MCT USE ONLY. STUDENT USE PROHIBITED
L1-4 Deploying Exchange Server 2016

11. In the Internet Explorer Address bar, type https://lon-exch.adatum.com/owa, and then press Enter.

12. In Outlook on the web, sign in as Adatum\Administrator with the password Pa55w.rd.
13. On the Language and Time zone page, select your time zone and then click save.

14. Click New.

15. Send an email to the Administrator.

16. Verify that the email is received in the inbox.

17. Close Outlook Web App.

18. Shut down all virtual machines.

Results: After completing this exercise, you should have prepared the AD DS environment, and then
installed Exchange Server 2016 on a single server. You also should have verified if the core Exchange
Server services and components are installed properly.
 MCT USE ONLY. STUDENT USE PROHIBITED
L2-5

Module 2: Managing Exchange Server 2016 servers

Lab: Configuring Mailbox servers
Exercise 1: Creating and configuring mailbox databases
Task 1: Configure iSCSI storage for the Mailbox server
1. On LON-DC1, open Server Manager (if necessary), click Manage, and then click Add Roles and
Features.
2. In the Add Roles and Features Wizard, on the Before you begin page, click Next.

3. On the Select installation type page, click Next.

4. On the Select destination server page, make sure that Select a server from the server pool is
selected, and then click Next.

5. On the Select server roles page, expand File And Storage Services (2 of 12 installed), expand File
and iSCSI Services (1 of 11 installed), select the iSCSI Target Server check box, and then click
Next.

6. On the Select features page, click Next.

7. On the Confirm installation selections page, click Install.

8. When installation is complete, click Close.

9. On LON-DC1, in Server Manager, in the navigation pane, click File and Storage Services.

10. In the File and Storage Services pane, click iSCSI.

11. In the iSCSI VIRTUAL DISKS pane, click TASKS, and then in the TASKS drop-down list box, select
New iSCSI Virtual Disk.
12. In the New iSCSI Virtual Disk Wizard, on the Select iSCSI virtual disk location page, under
Storage location, click C:, and then click Next.

13. On the Specify iSCSI virtual disk name page, in the Name box, type iSCSIDisk1, and then click
Next.

14. On the Specify iSCSI virtual disk size page, in the Size box, type 2, make sure GB is selected in the
drop-down list box, and then click Next.

15. On the Assign iSCSI target page, click New iSCSI target, and then click Next.
16. On the Specify target name page, in the Name box, type LON-EX1, and then click Next.

17. On the Specify access servers page, click Add.

18. In the Select a method to identify the initiator dialog box, click Browse. In the Select Computer
window, type LON-EX1, click Check Names, click OK, and then click OK. If you receive an error, click
Cancel twice, restart LON-EX1, sign in as Administrator with the password Pa55w.rd, and then on
LON-DC1, restart this procedure from step 9.

19. On the Specify access servers page, click Next.

20. On the Enable Authentication page, click Next.

21. On the Confirm selections page, click Create.

22. On the View results page, wait until the creation is completed, and then click Close.
 MCT USE ONLY. STUDENT USE PROHIBITED
L2-6 Managing Exchange Server 2016 servers

23. In the iSCSI VIRTUAL DISKS pane, click TASKS, and then in the TASKS drop-down list box, select
New iSCSI Virtual Disk.
24. In the New iSCSI Virtual Disk Wizard, on the Select iSCSI virtual disk location page, under
Storage location, click C:, and then click Next.
25. On the Specify iSCSI virtual disk name page, in the Name box, type iSCSIDisk2, and then click
Next.

26. On the Specify iSCSI virtual disk size page, in the Size box, type 2, make sure GB is selected in the
drop-down list box, and then click Next.
27. On the Assign iSCSI target page, click lon-ex1, and then click Next.

28. On the Confirm selections page, click Create.

29. On the View results page, wait until the creation is completed, and then click Close.
30. In the iSCSI VIRTUAL DISKS pane, click TASKS, and then in the TASKS drop-down list box, select
New iSCSI Virtual Disk.
31. In the New iSCSI Virtual Disk Wizard, on the Select iSCSI virtual disk location page, under
Storage location, click C:, and then click Next.

32. On the Specify iSCSI virtual disk name page, in the Name box, type iSCSIDisk3, and then click
Next.

33. On the Specify iSCSI virtual disk size page, in the Size box, type 500, make sure MB is selected in
the drop-down list box, and then click Next.

34. On the Assign iSCSI target page, click lon-ex1, and then click Next.

35. On the Confirm selections page, click Create.

36. On the View results page, wait until the creation is completed, and then click Close.

37. On LON-EX1, click Start, and then click Server Manager on the taskbar.

38. In Server Manager, click Tools, and then click iSCSI Initiator.

39. In the Microsoft iSCSI dialog box, click Yes.

40. Click the Discovery tab.

41. Click Discover Portal.

42. In the IP address or DNS name box, type 172.16.0.10, and then click OK.

43. Click the Targets tab.

44. Click Refresh.

45. In the Targets list, select iqn.1991-05.com.microsoft:lon-dc1-lon-ex1-target, and then click

Connect.

46. Select Add this connection to the list of Favorite Targets, and then click OK two times.

47. In Server Manager, click Tools, and then click Computer Management.

48. If necessary, expand Storage, and then click Disk Management.

49. Right-click Disk 1, and then click Online.

50. Right-click Disk 1, and then click Initialize disk. In the Initialize Disk dialog box, click OK.

51. Right-click the unallocated space next to Disk 1, and then click New Simple Volume.

52. On the Welcome to the New Simple Volume Wizard page, click Next.
 MCT USE ONLY. STUDENT USE PROHIBITED
Administering Microsoft Exchange Server 2016 L2-7

53. On the Specify Volume Size page, click Next.

54. On the Assign Drive Letter or Path page, click Next.

55. On the Format Partition page, in the Volume Label box, type DB1. Select the Perform a quick
format check box, and then click Next.

56. Click Finish.

Note: If the Microsoft Windows window pops up with prompt to format the disk, click
Cancel.

57. Repeat steps 49 through 56 for Disk 2 and Disk 3.

Note: Use DB2 and Logs for Volume Labels, respectively.

58. Close the Computer Management window.

Task 2: Configure mailbox settings for an existing database

1. On LON-EX1, on the taskbar, click Internet Explorer.

2. In Internet Explorer, type https://lon-ex1.adatum.com/ecp, and then press Enter.

3. Sign in as Adatum\Administrator with the password Pa55w.rd.

4. If prompted to store your password, click Yes.

5. On the Exchange Admin Center page, select your time zone, and then click Save.

6. In the Exchange admin center, in the feature pane, click servers.

7. Click the databases tab.

8. Click the (+) button.

9. On the New Database page, type MB1 as the mailbox database name, and then click Browse.
10. Click LON-EX1, click OK, and then click Save.

11. Click OK on the warning dialog box.

12. Right-click on the Start hint, and then click Computer Management.

13. Expand Services and Applications, and then click Services.

14. Right-click the Microsoft Exchange Information Store service, and then click Restart.

15. Close the Computer Management console.

16. In the Exchange admin center, double-click MB1.

17. In the Mailbox database window, click limits.

18. In the Issue a warning at (GB) text box, type 0.9.

19. In the Prohibit send at (GB): text box, type 1.

20. In the Prohibit send and receive at (GB): text box, type 1.3.

21. In the Keep deleted items for (days): text box, type 30.

22. Click Save. Minimize the Exchange admin center window.

 MCT USE ONLY. STUDENT USE PROHIBITED
L2-8 Managing Exchange Server 2016 servers

23. On LON-EX1, click Start, click the Microsoft Exchange Server 2016 folder, and then click Exchange
Management Shell.
24. In the Exchange Management Shell window, type Get-MailboxDatabase, and then press Enter.

25. See the list of mailbox databases created.

26. In the Exchange Management Shell window, type the following command, and then press Enter:

Move-DatabasePath –Identity “MB1” –EdbFilePath E:\DB1\DB1.edb –LogFolderPath

G:\Logs\DB1

27. Type y, and then press Enter.

28. Type y, and then press Enter.

29. Minimize the Exchange Management Shell window.

30. Open File Explorer, navigate to E:\, and open the DB1 folder. Make sure that the database DB1.edb
file is present.

31. Navigate to G:\, and open the folder Logs\DB1. Ensure that the log files are present.

32. Close File Explorer.

Task 3: Create and configure additional mailbox databases

1. Restore the Exchange admin center window.

2. Click servers in the feature pane, and then click the databases tab.

3. Click New (+).

4. In the Database window, in the Mailbox database text box, type MB2.

5. Click Browse.

6. In the Select Server window, select LON-EX1, and then click OK.

7. In the Database file path text box, type: F:\DB2\DB2.edb.

8. In the Log folder path text box, type G:\Logs\DB2.

9. Make sure that Mount this database is selected, and then click Save. Click OK.

10. Restore the Exchange Management Shell window.

11. In the Exchange Management Shell window, type the following command, and then press Enter:

Set-MailboxDatabase –identity MB2 –DeletedItemRetention 20.00:00:00 –

CircularLoggingEnabled $true –ProhibitSendQuota 2.2GB

12. Type the following command, and then press Enter:

Dismount-Database –identity MB2

13. Type y, and then press Enter.

14. Type the following command, and then press Enter:

Mount-Database –identity MB2

 MCT USE ONLY. STUDENT USE PROHIBITED
Administering Microsoft Exchange Server 2016 L2-9

Task 4: Prepare for the next module

When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:

1. On the host computer, start Hyper-V Manager.

2. In the Virtual Machines list, right-click 20345-1A-LON-DC1, and then click Revert.

3. In the Revert Virtual Machine dialog box, click Revert.

4. Repeat steps 2 to 3 for 20345-1A-LON-EX1.

Results: After completing this exercise, you will have configured Internet small computer system interface
(iSCSI) storage for your mailbox databases and logs. You will also have created and configured mailbox
databases.
MCT USE ONLY. STUDENT USE PROHIBITED
 MCT USE ONLY. STUDENT USE PROHIBITED
L3-11

Module 3: Managing recipient objects

Lab A: Managing Exchange Server recipient
objects and public folders
Exercise 1: Managing recipients
Task 1: Create the Adventure Works Cycles AD DS objects
1. On LON-EX1, start Server Manager.
2. Click Tools, and then click Active Directory Module for Windows PowerShell.

3. At the command prompt, type cd \Labfiles\Mod03, and press Enter to navigate to a different folder.
4. Type .\AdventureWorksSetup.ps1, and then press Enter to start the script to create the OUs, users,
and groups.

5. When prompted, type the password Pa55w.rd.

6. Close the Active Directory Module for Windows PowerShell window.

7. In Server Manager, click Tools, and then click Active Directory Users and Computers.

8. Expand Adatum.com, expand AdventureWorks, and verify that the AdventureWorks OU contains
child OUs with user accounts and groups.
9. Close Active Directory Users and Computers.

Task 2: Create the Adventure Works Cycles mailboxes

1. On LON-EX1, click Start, click the Microsoft Exchange Server 2016 folder, and then click Exchange
Management Shell.

2. At the command prompt, type the following command, and then press Enter to create a mailbox
database for Adventure Works Cycles users.

New-MailboxDatabase –Name AdventureWorksDB –Server LON-EX1

3. At the command prompt, type the following command, and then press Enter to restart the Microsoft
Exchange Information Store service on LON-EX1.

Restart-Service msexchangeis

4. At the command prompt, type the following command and then press Enter to mount the database.

Mount-Database –Identity AdventureWorksDB

5. At the command prompt, type the following command, and then press Enter to create mailboxes for
all Adventure Works Cycles users.

Get-User –OrganizationalUnit AdventureWorks | Enable-Mailbox -Database

AdventureWorksDB

6. At the command prompt, type the following command, and then press Enter to mail-enable all
Adventure Works Cycles groups.

Get-Group –OrganizationalUnit AdventureWorks | Enable-DistributionGroup

 MCT USE ONLY. STUDENT USE PROHIBITED
L3-12 Managing recipient objects

7. On LON-EX1, open Internet Explorer and connect to https://LON-EX1.adatum.com/ecp.

8. Sign in as Adatum\administrator by using the password Pa55w.rd.

9. Click the resources tab, click New, and then click Room mailbox.

10. Fill in the following information:

o Room name: AW_Room1

o Alias: AW_Room1

o Organizational unit: click browse, click AdventureWorks, and then click OK

o Location: Harrow
o Capacity: 20

11. Click more options, under Mailbox database, click Browse, click AdventureWorksDB, and then
click OK.
12. Click Save.

13. Double-click AW_Room1 and then click the booking delegates tab.

14. Click Select delegates who can accept or decline booking requests.

15. Under Delegates, click Add, click Kendra Sexton, click add, and then click OK. Click Save.

16. In the Exchange Management Shell, type the following command, and then press Enter to
configure the resource booking policy.

Set-CalendarProcessing –Identity AW_Room1 –BookinPolicy AllAdventureWorks

17. On LON-EX1, in the Exchange Admin Center, in the Features pane, click recipients.

18. Click the shared tab, click New, and then fill in the following information:

o Display name: AdventureWorks Sales

o Alias: AdventureWorksSales

o Organizational unit: Adatum.com/AdventureWorks/Sales

19. Under Users, click Add, click AW_Sales, click add, and then click OK.

20. Click More options.

21. Under Mailbox database, click browse, click AdventureWorksDB, and then click OK.

22. Click Save.

Task 3: Create the Adventure Works Cycles distribution groups

1. On LON-EX1, in the Exchange Admin Center, click the groups tab.

2. Click New, click Distribution group, and then fill in the following information:

o Display name: AW_SalesMgrs

o Alias: AWSalesMgrs

o Organizational unit: Adatum.com/AdventureWorks/Sales

o Members: Christie Thomas, Perry Brill

o Owner approval is required: Closed

o Choose whether the group is open to leave: Closed

 MCT USE ONLY. STUDENT USE PROHIBITED
Administering Microsoft Exchange Server 2016 L3-13

3. Click Save.

4. On the groups tab, click New, click Distribution group, and then fill in the following information:
o Display name: AdventureWorksNews

o Alias: AdventureWorksNews

o Organizational unit: AdventureWorks

o Members: none

o Owner approval is required: Open

o Choose whether the group is open to leave: Open

5. Click Save.

6. On LON-EX1, in the Exchange Management Shell, type cd C:\Labfiles\Mod03, and then press Enter.

7. Type the following command, and press Enter to initiate the script to import the users from the
spreadsheet.

$users=Import-Csv .\AdventureWorksIntegrationTeam.csv

8. Type the following command, and then press Enter to configure the mailboxes based on the list in
the spreadsheet.

ForEach ($i in $users) {Set-Mailbox –Identity $i.Displayname –CustomAttribute1

“AdventureWorks Integration Project Team”}

9. On LON-EX1, in the Exchange Admin Center, on the groups tab, click New, click Dynamic
distribution group, and then fill in the following information:

o Display name: AdventureWorksIntegration

o Alias: AWIntegration

o Organizational unit: AdventureWorks

o Owner: Administrator

10. Under Members, click Only the following recipient types, and then select Users with Exchange
mailboxes.
11. Click add a rule.

12. From the drop-down list, click Recipient container.

13. Click Adatum.com, and then click OK.

14. Click add a rule.

15. From the drop-down list, click Custom attribute 1.

16. Click Enter words, and in the specify words or phrases dialog, type AdventureWorks Integration
Project Team, click Add, and then click OK.

17. Click Save.

Results: After completing this exercise, you should have created AD DS user and group accounts for
Adventure Works Cycles, created a room mailbox with custom permissions, and configured a shared
mailbox. You also should have configured distribution groups for the Adventure Works Cycles users.
 MCT USE ONLY. STUDENT USE PROHIBITED
L3-14 Managing recipient objects

Exercise 2: Managing public folder mailboxes

Task 1: Create the public folder mailbox
1. On LON-EX1, switch to Exchange Admin Center.

2. In the Feature pane, click public folders.

3. Click the public folder mailboxes tab, and then click new public folder mailbox.
4. On the new public folder mailbox page, type PFMBX1 in the Name text box.

5. Under Organizational unit, click browse, click AdventureWorks, and then click OK.

6. Under Mailbox database, click browse, click AdventureWorksDB, and then click OK.
7. Click Save.

Task 2: Create the public folders

1. On LON-EX1, in the Exchange Admin Center, click public folders, and then click New public folder.

2. On the new Public Folder page, in the Name text box, type AdventureWorks, and then click Save.

3. Click AdventureWorks, and then click New public folder.

4. In the new public folder window, in the Name text box, type Infrastructure, and then click Save.

Task 3: Configure public folder permissions

1. On LON-EX1, in the Exchange Admin Center, click Go to the parent folder.

2. Verify that AdventureWorks is listed in the folder list.

3. Select the AdventureWorks folder, and then under Folder permissions, click Manage.

4. In the AdventureWorks window, click Add.

5. In the Public Folder Permissions window, next to User, click Browse.

6. In the Select Recipient window, click AW_IT, and then click OK.

7. Under Permission level, click Owner, and then click Save.

8. Select Apply changes to this public folder and all its subfolders.

9. In the AdventureWorks window, click Add.

10. In the Public Folder Permissions window, next to User, click Browse.

11. In the Select Recipient window, click All Adventure Works, and then click OK.

12. Under Permission level, click Author, and then click Save.

13. Click Save, and then click Close.

Task 4: Validate the public folder deployment

1. On LON-CL1, sign in as Adatum\ Sherri with the password Pa55w.rd.

2. Click Start to open the application menu.

3. Open Outlook 2016.

4. On the Welcome to Outlook 2016 page, click Next.

5. On the Add an Email Account page, click Next.

6. On the Auto Account Setup page, verify that Sherri’s information is added automatically, and then
click Next.
 MCT USE ONLY. STUDENT USE PROHIBITED
Administering Microsoft Exchange Server 2016 L3-15

7. Click Finish, and wait for Outlook to open.

8. If you get a warning that Office is not activated, click Close.

9. In the First things first window, click Ask me later, and then click Accept.

10. After Outlook opens, open the Folders view.

11. Verify that the node Public Folders is listed in the left pane.
12. Expand Public Folders, and then verify that the AdventureWorks and Infrastructure public folders
are visible.

Note: It can take several minutes for the public folders to appear. If the public folders
are not visible, wait a few minutes, close Outlook 2016 and open it again. If the public folders
still do not appear, sign out on LON-CL1, sign in as Adatum\Sherri by using the password
Pa55w.rd, and open Outlook 2016. Configure the Outlook profile, and then verify that the
public folders are visible.

Results: After completing this exercise, you should have created public folder mailboxes for Adventure
Works Cycles and verified that users can access the mailboxes.

Task 5: Prepare for the next lab

• When you finish the lab, leave the virtual machines running.
 MCT USE ONLY. STUDENT USE PROHIBITED
L3-16 Managing recipient objects

Lab B: Managing Exchange Server email

address lists and policies
Exercise 1: Managing email-address policies
Task 1: Configure AdventureWorksCycles.net as an accepted domain
1. On LON-EX1, in the Exchange Admin Center, in the Features pane, click mail flow, click the
accepted domains tab, and then click New.
2. In the new accepted domain window, type AdventureWorksCycles in the Name text box, and
AdventureWorksCycles.net in the Accepted domain text box.

3. Click Save.

Task 2: Configure an email address policy for Adventure Works Cycles users
1. On LON-EX1, in the Exchange Admin Center, on the email address policies tab, click New.

2. In the new email address policy window, type AdventureWorksCycles Email in the Policy name
text box.

3. Under Email address format, click Add.

4. From the Select an accepted domain drop-down list, select AdventureWorksCycles.net.

5. Click [email protected], and then click Save.

6. In the new email address policy window, click add a rule.

7. Click Select one, and then click Recipient container.

8. In the select an organizational unit dialog box, click the AdventureWorks organizational unit, and
then click OK.

9. Click Save, and then click OK.

10. Click the AdventureWorksCycles Email address policy.

11. In the Details pane, click Refresh, click Apply, and then click Yes.

12. Click Close.

Task 3: Verify that email addresses are applied correctly

1. On LON-EX1, in the Exchange Admin Center, click recipients in the Features pane.

2. Click mailboxes, double-click Misty Phillips, and then click the email address tab.

3. Verify that the AdventureWorksCycles.net email address has been assigned to Misty’s mailbox.

4. Click Cancel.

5. In the top-right of the Exchange Admin Center, click Administrator, and then click Sign out.

6. In Internet Explorer, type https://lon-ex1.adatum.com/owa in the address bar.

7. Sign in as Adatum\Misty by using the password Pa55w.rd.

8. On the Choose your preferred display language and home time zone below, in the Time Zone
menu, select your time zone, and then click Save.

9. In the Outlook on the web window, click Save.

10. Click New.
 MCT USE ONLY. STUDENT USE PROHIBITED
Administering Microsoft Exchange Server 2016 L3-17

11. In the new email window, click To, on the To line type Abby, and then click Save.

12. Type test in the Subject text box, type a short email message, and then click Send.
13. In the top-right of the Outlook on the web window, click Misty, and then click Sign out.

14. In the Outlook on the web window, sign in as Adatum\Abby by using the password Pa55w.rd.
15. On the Choose your preferred display language and home time zone below, in the Time Zone
menu, select your time zone, and then click Save.

16. In the Outlook on the web window, verify that Abby received the message from Misty.

17. On the message, click Misty to open the contact card for Misty.
18. On the contact card window, verify that the reply-to email address from Misty is in the form of
[email protected].

19. In the top-right of the Outlook on the web window, click Abby, and then click Sign out.

Results: After completing this exercise, you should have configured the email-address policy for
Adventure Works Cycles users to receive email sent to the A. Datum email domain and the Adventure
Works Cycles email domain, configured the reply-to email address for the Adventure Works Cycles users
for the Adventure Works Cycles email domain, and verified that these changes were applied correctly.

Exercise 2: Managing address lists and address-book policies

Task 1: Configure an address list for Adventure Works Cycles users
1. On LON-EX1, in Internet Explorer connect to https://LON-EX1.adatum.com/ecp.

2. Sign in as Adatum\Administrator by using the password Pa55w.rd.

3. In the Exchange Admin Center, in the Features pane, click organization, and then click address lists.

4. On the address lists tab, click New.

5. In the new address list window, type AdventureWorksCycles in the Name text box.

6. Click add a rule.

7. In the select one list, click Recipient container.

8. In the select an organizational unit dialog box, click the AdventureWorks organizational unit, and
then click OK.
9. Click Save, and then click OK.

10. Click the AdventureWorksCycles address list you just created.

11. In the Details pane, click Update, click Yes, and then click Close.

Task 2: Configure an address-book policy for Adventure Works Cycles users

1. On LON-EX1, if required, open the Exchange Management Shell.

2. At the command prompt, type the following command, and press Enter:

Get-Mailbox –OrganizationalUnit AdventureWorks | Set-Mailbox –CustomAttribute2

AdventureWorks
 MCT USE ONLY. STUDENT USE PROHIBITED
L3-18 Managing recipient objects

3. At the command prompt, type the following command, and press Enter:

Get-DistributionGroup –OrganizationalUnit AdventureWorks | Set-DistributionGroup –

CustomAttribute2 AdventureWorks

4. At the command prompt, type the following command, and press Enter:

New-GlobalAddressList -Name AdventureWorksGAL –ConditionalCustomAttribute2

AdventureWorks –IncludedRecipients AllRecipients

5. At the command prompt, type the following command, and press Enter:

Update-GlobalAddressList -Identity AdventureWorksGAL

6. At the command prompt, type the following command, and press Enter:

New-OfflineAddressBook -Name AdventureWorksOAB -AddressLists AdventureWorksGAL

7. At the command prompt, type the following command, and type Enter:

New-AddressList -Name AdventureWorksRooms –RecipientContainer AdventureWorks –

IncludedRecipients Resources

8. At the command prompt, type the following command, and press Enter:

Update-AddressList AdventureWorksRooms

9. At the command prompt, type the following command, and press Enter:

Set-OfflineAddressBook -Identity "AdventureWorksOAB" –VirtualDirectories “LON-EX1\OAB

(Default Web Site)”,”LON-EX1\OAB (Exchange Back End)”

10. At the command prompt, type the following command, and press Enter:

Update-OfflineAddressBook -Identity "AdventureWorksOAB"

11. At the command prompt, type the following command, and press Enter:

New-AddressBookPolicy -Name AdventureWorksABP -AddressLists \AdventureWorksCycles -

OfflineAddressBook AdventureWorksOAB -GlobalAddressList AdventureWorksGAL -RoomList
\AdventureWorksRooms

12. At the command prompt, type the following command, and press Enter:

Get-Mailbox -OrganizationalUnit AdventureWorks | Set-Mailbox -AddressBookPolicy

AdventureWorksABP

Task 3: Validate the deployment

1. On LON-EX1, in the Exchange Admin Center, click recipients in the Features pane.

2. Click mailboxes, double-click Misty Phillips, and then click the mailbox features tab.

3. Verify that the AdventureWorksABP has been assigned to Misty’s mailbox. Click Cancel.

4. On LON-CL1, sign in as Adatum\Misty by using the password Pa55w.rd.

5. Click Start to open the application menu.

6. Open Outlook 2016.

7. On the Welcome to Outlook 2016 page, click Next.
 MCT USE ONLY. STUDENT USE PROHIBITED
Administering Microsoft Exchange Server 2016 L3-19

8. On the Add an Email Account page, click Next.

9. On the Auto Account Setup page, verify that Misty’s information is added automatically, and then
click Next.

10. Click Finish, and wait for Outlook to open. If you receive a warning that Office is not activated, click
Close.
11. In the First things first window, click Ask me later, and then click Accept.

12. After Outlook opens, click New Email. In the Untitled – Message (HTML) window, click To.

13. Verify that the user can only see users and groups in the AdventureWorks OU.
14. Click AW_SalesMgrs, click To, and then click OK.

15. Type test in the Subject text box, type a short email message, and then click Send.

16. Click the Calendar icon.

17. On the toolbar, click New Meeting.

18. In the Untitled – Meeting window, click To.

19. Click Sherri Harrell, and then click Required.

20. Under Address Book, click AdventureWorksRooms, click AW_Room1, click Resources, and then
click OK.

21. In the Untitled – Meeting window, pick a time tomorrow in the Start time text box.

22. Type test meeting in the Subject text box, type a short message, and then click Send.

23. Review the Meeting Response message and then close the message.

24. Open Microsoft Edge, type https://lon-ex1.adatum.com/owa in the address bar, and then press
Enter.

25. Sign in as Adatum\Misty by using the password Pa55w.rd.

26. If required, on the Choose your preferred display language and home time zone below, in the
Time Zone menu, select your time zone, and then click Save.

27. In the Outlook on the web window, click the Settings icon in the top-right corner, and click Options.

28. Under Options, click General.

29. Under General, click Distribution groups.

30. Under distribution groups I belong to, click Join.

31. In the all groups dialog box, double-click AW_SalesMgrs.

32. In the AW_SalesMgrs dialog box, click Join.

33. Review the error message stating that the group is closed, and then click ok. Click close.

34. In the all groups dialog box, double-click AdventureWorksNews.

35. In the AdventureWorksNews dialog box, click Join.

36. Close the all groups dialog box, and verify that Misty is now a member of the
AdventureWorksNews distribution group.

37. Close Microsoft Edge. Select the option to close all tabs.

38. In Outlook 2016, click New Email.

 MCT USE ONLY. STUDENT USE PROHIBITED
L3-20 Managing recipient objects

39. In the To text box, type [email protected], type a subject, type a short message, and
then click Send.
40. Open Microsoft Edge, type https://lon-ex1.adatum.com/owa in the address bar, and then press
Enter.

41. Sign in as Adatum\Abby by using the password Pa55w.rd.

42. On the Choose your preferred display language and home time zone below, in the Time Zone
menu, select your time zone, and then click Save.

43. In the Outlook on the web window, verify that Abby received the message sent to the
adventureworksintegration dynamic distribution group.

Results: After completing this exercise, you should have created an email-address policy and address list
for Adventure Works Cycles. You also should have created an address-book policy for Adventure Works
Cycles, and validated its deployment.

Task 4: Prepare for the next module

When you finish the lab, revert the virtual machines to their initial state. To do this, complete the
following steps:

1. On the host computer, start Hyper-V Manager.

2. In the Virtual Machines list, right-click 20345-1A-LON-DC1, and then click Revert.

3. In the Revert Virtual Machine dialog box, click Revert.

4. Repeat steps 2 and 3 for 20345-1A-LON-EX1, 20345-1A-LON-EX2, and 20345-1A-LON-CL1.

 MCT USE ONLY. STUDENT USE PROHIBITED
L4-21

Module 4: Managing Microsoft Exchange Server 2016 and

recipient objects by using Exchange Management Shell
Lab: Managing Exchange Server and
recipient objects by using Exchange
Management Shell
Exercise 1: Using Exchange Management Shell to manage recipients
Task 1: Import the Exchange Management Shell module into
Windows PowerShell ISE
1. Sign in to the LON-EX1 virtual machine with the user name Adatum\Administrator and the
password Pa55w.rd.

2. Click Start, right-click Windows PowerShell ISE, select More, and then click Run as administrator.

3. In the console pane, type the following command, and then press Enter:

Import-Module 'C:\Program Files\Microsoft\Exchange

Server\V15\bin\RemoteExchange.ps1'; Connect-ExchangeServer -auto -
ClientApplication:ManagementShell

4. In the console pane, type the following command, and then press Enter to verify that Exchange
Management Shell cmdlets are available:

Get-ExCommand

Task 2: Explore the recipient-management cmdlets

1. On LON-EX1, in the Windows PowerShell ISE console pane, type the following command, and then
press Enter:

Get-Command *-Mailbox

2. In the console pane, type the following command, and then press Enter:

Get-Mailbox

3. In the console pane, type the following command, and then press Enter:

Enable-Mailbox ‘Holly Spencer’

4. In the console pane, type the following command, and then press Enter:

Set-Mailbox ‘Holly Spencer’ -HiddenFromAddressListsEnabled $true

 MCT USE ONLY. STUDENT USE PROHIBITED
L4-22 Managing Microsoft Exchange Server 2016 and recipient objects by using Exchange Management Shell

Task 3: Format the output of Exchange Management Shell

1. On LON-EX1, in the Windows PowerShell ISE console pane, type the following command, and then
press Enter:

Get-User –RecipientTypeDetails User | Measure-Object

2. In the console pane, type the following command, and then press Enter:

Get-User –RecipientTypeDetails User | Format-Table –Property

Name,SamAccountName,Department -AutoSize

3. In the console pane, type the following command, and then press Enter:

Get-User –RecipientTypeDetails User | Sort-Object Department | Format-Table –Property

Name,SamAccountName,Department -AutoSize

4. In the console pane, type the following command, and then press Enter:

Get-User –RecipientTypeDetails User | Select Name,SamAccountName,Department | Export-

Csv C:\Get-User.csv -NoTypeInformation

Task 4: Use pipelining to manage multiple objects

1. On LON-EX1, in the Windows PowerShell ISE console pane, type the following command, and then
press Enter:

Get-User –Filter {department –eq 'Managers'} | Set-User –Title 'Manager'

2. In the console pane, type the following command, and then press Enter:

Get-User –RecipientTypeDetails User –Filter {(Department –eq 'IT') –and (LastName –

like 'S*')} | Enable-Mailbox

3. In the console pane, type the following command, and then press Enter:

Get-User –RecipientTypeDetails UserMailbox –Filter {Department –eq 'IT'} | Get-

Mailbox | Add-RoleGroupMember 'Recipient Management'

Task 5: Use variables and loops

1. On LON-EX1, in the Windows PowerShell ISE console pane, type the following command, and then
press Enter:

$mailboxes = Get-Mailbox

2. In the console pane, type the following command, and then press Enter:

foreach ($mailbox in $mailboxes) {

Write-Host $mailbox.DisplayName
}

3. In the console pane, type the following command, and then press Enter:

foreach ($mailbox in $mailboxes) {

Write-Host $mailbox.DisplayName
if (($mailbox.DisplayName –ne 'Administrator') –and ($mailbox.DisplayName –ne
'Discovery Search Mailbox')) {
$mailbox | Enable-Mailbox -Archive
}
}
 MCT USE ONLY. STUDENT USE PROHIBITED
Administering Microsoft Exchange Server 2016 L4-23

Task 6: Create a script for bulk-recipient management

1. On LON-EX1, select File, and then select New from the Windows PowerShell ISE menu bar.

2. On line 1 of the new script tab, type the following:

Import-Module 'C:\Program Files\Microsoft\Exchange

Server\V15\bin\RemoteExchange.ps1'; Connect-ExchangeServer -auto -
ClientApplication:ManagementShell

3. On line 2 of the new script tab, type the following:

$csvdata = Import-Csv C:\Get-User.csv

4. On lines 3 through 8 of the new script tab, type the following:

foreach ($csvrow in $csvdata) {

$user = Get-User $csvrow.Name
if (($user.RecipientTypeDetails -eq 'User') -and ($user.Department -eq
'Managers') -and ($user.FirstName -like 'B*')) {
$user | Enable-Mailbox
}
}

5. Click File, and then click Save As.

6. Go to C:\.

7. In the File name text box, type Enable-Mailbox.ps1, and then click Save.

8. Click File, and then click Exit to exit Windows PowerShell ISE.

9. Click Start, right-click the Windows PowerShell icon, and then select Run as Administrator.

10. Type the following command at the command prompt, and then press Enter:

Copy c:\*.csv

11. Type the following command at the command prompt, and then press Enter:

. 'C:\Enable-Mailbox.ps1'

12. Close Windows PowerShell by typing the following command, and then pressing Enter:

exit

Results: After completing this exercise, you should have used the Exchange Management Shell and
performed basic recipient-management tasks.
 MCT USE ONLY. STUDENT USE PROHIBITED
L4-24 Managing Microsoft Exchange Server 2016 and recipient objects by using Exchange Management Shell

Exercise 2: Using the Exchange Management Shell to manage Exchange

Server
Task 1: Configure Exchange Server by using Exchange Management Shell
1. On LON-EX1, click Start, right-click Windows PowerShell ISE, select More, and then click Run as
administrator.

2. In the console pane, type the following command, and then press Enter:

Import-Module 'C:\Program Files\Microsoft\Exchange

Server\V15\bin\RemoteExchange.ps1'; Connect-ExchangeServer -auto -
ClientApplication:ManagementShell

3. In the console pane, type the following command, and then press Enter:

New-MailboxDatabase –Server LON-EX1 –Name ‘Managers’

4. In the console pane, type the following command, and then press Enter:

Mount-Database ‘Managers’

5. In the console pane, type the following command, and then press Enter:

Restart-Service MSExchangeIS

6. In the console pane, type the following command, and then press Enter:

Get-MailboxDatabaseCopyStatus

Task 2: Test and monitor Exchange Server by using Exchange Management Shell
1. On LON-EX1, in the Windows PowerShell ISE console pane, type the following command, and then
press Enter:

Test-ServiceHealth

Verify that RequiredServicesRunning is True for all roles.

2. In the console pane, type the following command, and then press Enter:

Stop-Service MSExchangeIS

3. In the console pane, type the following command, and then press Enter:

Test-ServiceHealth

Verify that RequiredServicesRunning is False for the Mailbox Server Role.

4. In the console pane, type the following command, and then press Enter:

Start-Service MSExchangeIS

5. In the console pane, type the following command, and then press Enter:

Test-ServiceHealth

6. Verify that RequiredServicesRunning is True for all roles.

 MCT USE ONLY. STUDENT USE PROHIBITED
Administering Microsoft Exchange Server 2016 L4-25

Task 3: Create a script for database management

1. On LON-EX1, in Windows PowerShell ISE, select File, and then click New.

2. On line 1 of the new script tab, type the following:

Import-Module 'C:\Program Files\Microsoft\Exchange

Server\V15\bin\RemoteExchange.ps1'; Connect-ExchangeServer -auto -
ClientApplication:ManagementShell

3. On line 2 of the new script tab, type the following:

Get-MailboxDatabase –Server LON-EX1 | Set-MailboxDatabase –DeletedItemRetention

30.00:00:00

4. Click File, and then click Save As.

5. Go to C:\.
6. In the File name text box, type Set-MailboxDatabase.ps1, and then click Save.

7. Click File, and then click Exit to exit Windows PowerShell ISE.

8. Click Start, right-click the Windows PowerShell icon, and then select Run as Administrator.

9. Type the following command at the command prompt, and then press Enter:

. 'C:\Set-MailboxDatabase.ps1'

10. Close Windows PowerShell by typing the following command, and then pressing Enter:

exit

Results: After completing this exercise, you should have used the Exchange Management Shell and
performed basic server configuration tasks.

Task 4: Prepare for the next module

When you finish the lab, revert the virtual machines to their initial state. To do this, perform the following
steps:
1. On the host computer, start Hyper-V Manager.

2. In the Virtual Machines list, right-click 20345-1A-LON-DC1, and then click Revert.

3. In the Revert Virtual Machine dialog box, click Revert.

4. Repeat steps 2 to 3 for 20345-1A-LON-EX1.

MCT USE ONLY. STUDENT USE PROHIBITED
 MCT USE ONLY. STUDENT USE PROHIBITED
L5-27

Module 5: Implementing client connectivity

Lab A: Deploying and configuring client
access services on Exchange Server 2016
Exercise 1: Configuring Namespaces for client access
Task 1: Create a DNS record for the namespace
1. On LON-DC1, in Server Manager, click Tools and then click DNS.
2. In DNS Manager, expand LON-DC1, expand Forward Lookup Zones, and then click Adatum.com.

3. Right-click Adatum.com and then click New Host (A or AAAA).

4. In the New Host window, in the Name box, type mail.

5. In the IP address box, type 172.16.0.14 and click Add Host.

6. In the DNS window, click OK.

7. In the New Host window, click Done.

8. Close DNS Manager.

Task 2: Configure the SCP for Autodiscover

1. On LON-EX1, click Start, click the Microsoft Exchange Server 2016 folder, and then click Exchange
Management Shell.

2. In Exchange Management Shell, type Get-ClientAccessService | fl name,auto* and press Enter.

3. In Exchange Management Shell, type Get-ClientAccessService | Set-ClientAccessService –

AutoDiscoverServiceInternalUri https://mail.adatum.com/Autodiscover/Autodiscover.xml and
press Enter.

4. Close Exchange Management Shell.

Task 3: Configure external URLs

1. On LON-EX1, on the taskbar, click Internet Explorer.
2. In Internet Explorer, in the address bar, type https://lon-ex1.adatum.com/ecp and press Enter.

3. Sign in as Adatum\Administrator with a password of Pa55w.rd.

4. In the Time zone list, click (UTC-08:00) Pacific Time (US & Canada) and then click Save.
5. In Exchange admin center, click servers and then click the virtual directories tab.

6. In the toolbar click configure external access domain (the wrench icon).

7. In the configure external access domain window, click Add.

8. In the Select a Server window, click LON-EX1, click add, click LON-EX2, click add, and then click OK.

9. In the configure external access domain window, in the Enter the domain name you will use with
your external Client Access servers box, type mail.adatum.com and click Save.

10. When saving is complete, click Close.

 MCT USE ONLY. STUDENT USE PROHIBITED
L5-28 Implementing client connectivity

Task 4: Configure internal URLs

1. In Exchange admin center, on the virtual directories tab, in the Select server box, select
LON-EX1.adatum.com.

2. Click ecp (Default Web Site) and then click Edit.

3. In the ecp (Default Web Site) window, in the Internal URL box, type
https://mail.adatum.com/ecp and then click Save.
4. In the warning window, click OK.

5. Click EWS (Default Web Site) and then click Edit.

6. In the EWS (Default Web Site) window, in the Internal URL box, type
https://mail.adatum.com/EWS/Exchange.asmx and then click Save.

7. Click Microsoft-Server-ActiveSync (Default Web Site) and then click Edit.

8. In the Microsoft-Server-ActiveSync (Default Web Site) window, in the Internal URL box, type
https://mail.adatum.com/Microsoft-Server-ActiveSync and then click Save.

9. Click OAB (Default Web Site) and then click Edit.

10. In the OAB (Default Web Site) window, in the Internal URL box, type
https://mail.adatum.com/OAB and then click Save.

11. Click owa (Default Web Site) and then click Edit.

12. In the owa (Default Web Site) window, in the Internal URL box, type
https://mail.adatum.com/owa and then click Save.

13. Repeat steps 1-12 to configure the virtual directories on LON-EX2.

Results: After completing this exercise, you should have configured namespaces for A. Datum
Corporation.

Exercise 2: Configuring certificates for client access

Task 1: Generate a certificate request
1. On LON-EX1, in the Exchange admin center, in the left navigation pane, click servers and click the
certificates tab.

2. In the Select server box, if necessary, select LON-EX1.Adatum.com and then click New.

3. In the new Exchange certificate window, click Create a request for a certificate from a
certification authority, and then click Next.

4. In the Friendly name for this certificate box, type mail.adatum.com and then click Next.
5. On the page containing the request for a wildcard certificate, do not make any changes, and click
Next.

6. Click Browse.
7. In the Select a Server window, click LON-EX1, and then click OK.

8. Click Next.

9. Review the list of domains and click Next.

 MCT USE ONLY. STUDENT USE PROHIBITED
Administering Microsoft Exchange Server 2016 L5-29

10. In the list of names, click LON-EX1 and click Remove.

11. Click Adatum.com and then click Remove.

12. In the new Exchange certificate window, click Next.

13. On the next page, fill in the fields as follows:

o Organization name: A.Datum

o Department name: IT

o City/Locality: London

o State/Province: England
o Country/Region name: United Kingdom

14. Click Next.

15. On the next page, type \\LON-EX1\C$\windows\temp\certreq.req, and click Finish.

Task 2: Submit a certificate request

1. In the Start screen, type notepad and click Notepad.

2. In Notepad, click File and click Open.

3. In the Open window, click Text Documents (*.txt) and click All Files (*.*).

4. Browse to C:\Windows\Temp and double-click certreq.req.

5. In Notepad, press Ctrl-A and then press Ctrl-C.

6. Close Notepad.

7. In Internet Explorer, open a new tab.

8. In the address bar, type http://lon-dc1/certsrv and press Enter.

9. On the Welcome page, click Request a certificate.

10. On the Request a Certificate page, click advanced certificate request.

11. On the Advanced certificate request page, click Submit a certificate request by using a base-64-
encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS
#7 file.

12. On the Submit a Certificate Request or Renewal Request page, in the Saved Request box, press
Ctrl-V.

13. In the Certificate Template box, select Adatum Web and then click Submit.

14. On the Certificate Issued page, click Download certificate.

15. When prompted, to open or save certnew.cer, click Save.

16. In Exchange admin center, on the certificates tab, click mail.adatum.com and then click complete.
If mail.adatum.com is not visible, click Refresh.

17. In the complete pending request window, in the File to import from box, type \\LON-EX1
\c$\Users\Administrator.Adatum\Downloads\certnew.cer and click OK.
 MCT USE ONLY. STUDENT USE PROHIBITED
L5-30 Implementing client connectivity

Task 3: Export and import the certificate

1. In Exchange admin center, on the certificates tab, click the mail.adatum.com certificate, click More,
and click Export Exchange certificate.

2. On the export Exchange certificate page, in the File to export to text box, type \\LON-EX2
\c$\Users\Administrator.Adatum\Downloads\mailcert.pfx.

3. In the Password text box, type Pa55w.rd, and then click OK.
4. In Exchange admin center, in the Select server list, click LON-EX2.adatum.com.

5. Click More, and click Import Exchange certificate.

6. On the import Exchange certificate page, in the File to import from text box, type \\LON-EX2
\c$\Users\Administrator.Adatum\Downloads\mailcert.pfx.

7. In the Password text box, type Pa55w.rd, and then click Next.

8. In the Specify the servers you want to apply this certificate to area, click add, click LON-EX2, click
add and then click OK.

9. Click Finish.

Task 4: Assign services to the new certificate

1. In Exchange admin center, double-click mail.adatum.com.

2. In the mail.adatum.com window, click services.

3. Select the SMTP and IIS checkboxes, and click Save.

4. In the warning window, click Yes.

5. In the Select server list, click LON-EX1.Adatum.com.

6. Double-click mail.adatum.com.

7. In the mail.adatum.com window, click services.

8. Select the SMTP and IIS checkboxes, and click Save.

9. In the warning window, click Yes.

Task 5: Verify that the certificate is in use

1. On LON-EX1, close Internet Explorer.

2. Click Internet Explorer on the taskbar.

3. In the address bar, type https://mail.adatum.com/ecp, and press Enter.

4. Sign in as Adatum\Administrator with the password Pa55w.rd.

5. In the address bar, click the lock icon and click View certificates.

6. In the Certificate window, click the Details tab.

7. Scroll down and select the Subject Alternative Name field.

8. Verify that the correct names are in the certificate and click OK.

9. Close Internet Explorer.

Results: After completing this exercise, you should have configured a certificate for Exchange Server 2016.
 MCT USE ONLY. STUDENT USE PROHIBITED
Administering Microsoft Exchange Server 2016 L5-31

Exercise 3: Configuring Custom MailTips

Task 1: Configure a custom MailTip using Exchange admin center
1. On LON-EX1, on the taskbar, click Internet Explorer.

2. In Internet Explorer, in the address bar, type https://mail.adatum.com/ecp, and press Enter.

3. Sign in as Adatum\Administrator with the password Pa55w.rd.

4. In Exchange admin center, click recipients, and then click mailboxes.

5. In the list of mailboxes, click Adam Hobbs, and then click Edit.

6. In the Adam Hobbs window, click MailTip.

7. In the text box, type Test MailTip for Adam, and then click Save.

8. Close Internet Explorer.

Task 2: Configure a multilingual MailTip

1. On LON-EX1, click Start, click Microsoft Exchange Server 2016, and then click Exchange
Management Shell.

2. In Exchange Management Shell, type the following, and then press Enter:

Set-Mailbox –Identity Beth –Mailtip “This is english mail tip” –MailtipTranslations

(“FR: C’est la langue francaise”)

3. Close Exchange Management Shell.

Task 3: Verify MailTip functionality

1. On LON-CL1, sign in as Adatum\Nathan with a password of Pa55w.rd.

2. On the task bar, click Microsoft Edge.

3. In Microsoft Edge, type https://mail.adatum.com/owa and press Enter.

4. Sign in as Adatum\Nathan with a password of Pa55w.rd.

5. At the Would you like to save your password for adatum.com prompt, click No.

6. On the Language and time zone page, select English (United States).

7. In the Time zone box, select (UTC -8:00) Pacific Time (US & Canada) and click Save.

8. In the Mail window, click New.

9. Type Adam in the To field, and press Tab. Make sure that the field is populated with Adam Hobbs.

10. Click in the Subject field. Ensure that the MailTip has appeared.

11. Click Discard, and then click Discard again.

12. In the Mail window, click New.

13. Type Beth in the To field, and press Tab. Make sure that the field is populated with Beth Burke.

14. Click in the Subject field. Ensure that the MailTip has appeared and that it appears in English.
15. Sign out of Outlook on the web.

16. Sign in as Adatum\Adam with a password of Pa55w.rd.

17. At the Would you like to save your password for adatum.com prompt, click No.

18. On the Language and time zone page, select français (France).
 MCT USE ONLY. STUDENT USE PROHIBITED
L5-32 Implementing client connectivity

19. In the Time zone box, select (UTC -8:00) Pacific Time (US & Canada) and click Save.

20. In the Mail window, click Nouveau.

21. In the À field type Beth, and press Tab. Make sure that the field is populated with Beth Burke.

22. Click in the Objet field. Ensure that MailTip has appeared and that it appears in French.

23. Click Ignorer, and then click Ignorer again.

24. Close Microsoft Edge.

Task 4: Prepare for the next lab

• When you finish the lab, leave all the virtual machines running.

Results: After completing this exercise, you should have configured MailTips in multiple languages.
 MCT USE ONLY. STUDENT USE PROHIBITED
Administering Microsoft Exchange Server 2016 L5-33

Lab B: Deploying and configuring client

access services on Exchange Server
Exercise 1: Configuring Exchange Server 2016 for Outlook
Task 1: Configure Outlook Anywhere and MAPI over HTTP
1. On LON-EX1, on the taskbar, click Internet Explorer.

2. In Internet Explorer, in the address bar, type https://mail.adatum.com/ecp, and press Enter.
3. Sign in as Adatum\Administrator with the password Pa55w.rd.

4. In the Exchange admin center, click servers and click the servers tab.

5. Click LON-EX1 and click Edit.

6. In the LON-EX1 window, click the Outlook Anywhere tab.

7. In the Specify the external host name (for example, contso.com) that users will use to connect
to your organization box, type mail.adatum.com.

8. Specify the internal host name (for example, contso.com) that users will use to connect to
your organization box, type mail.adatum.com.

9. Click Save.
10. In the warning window, click OK.

11. Repeat steps 5-10 for LON-EX2.

12. Close Internet Explorer.

13. Click Start, click the Microsoft Exchange 2016 folder, and then click Exchange Management Shell.

14. In Exchange Management Shell, type Get-MapiVirtualDirectory | Set-MapiVirtualDirectory -

InternalURL https://mail.adatum.com/mapi –ExternalURL https://mail.adatum.com/mapi and
press Enter.

15. Type iisreset and press Enter.

16. Close the Exchange Management Shell.

17. On LON-EX2, click Start, and then click Windows PowerShell.

18. At the Windows PowerShell prompt, type iisreset and press Enter.

19. Close the Windows PowerShell prompt.

Task 2: Test Outlook connectivity

1. On LON-CL1, sign in as Adatum\Adam with a password of Pa55w.rd.

2. In the Start menu, type Outlook and click Outlook 2016.

3. In the Welcome to Outlook 2016 window, click Next.

4. On the Add an Email Account page, click Yes and then click Next.

5. On the Auto Account Setup page, click Next.

6. When setup is complete, click Finish.

7. In the Microsoft Office Activation Wizard window, click Close.

 MCT USE ONLY. STUDENT USE PROHIBITED
L5-34 Implementing client connectivity

8. In the First things first window, click Ask me later and click Accept.
9. Expand the Notification area, press Ctrl, right-click the Outlook icon, and then click Test E-mail
AutoConfiguration.

10. In the Test E-mail AutoConfiguration window, uncheck the Use Guessmart and Secure Guessmart
Authentication check boxes.
11. In the Password box, type Pa55w.rd, and then click Test.

12. Review the URLs for Protcol: Exchange MAPI HTTP and verify that they are using
mail.adatum.com.
13. Close the Test E-mail Autoconfiguration window.

14. Close Outlook.

Results: After completing this exercise, you should have configured Outlook Anywhere and MAPI over
HTTP.

Exercise 2: Configuring Outlook on the web

Task 1: Configure authentication for Outlook on the web
1. On LON-EX1, on the taskbar, click Internet Explorer.

2. In Internet Explorer, in the address bar, type https://mail.adatum.com/ecp and press Enter.

3. Sign in as Adatum\Administrator with a password of Pa55w.rd.

4. In Exchange admin center, click servers and click the virtual directories tab.

5. In the Select server box, select LON-EX1.Adatum.com.

6. Click owa (Default Web Site) and click Edit.

7. In the owa (Default Web Site) window, click the authentication tab.

8. Under Logon format, click User name only and click Browse.

9. In the Select a Domain window, click Adatum.com and click OK.

10. In the owa (Default Web Site) window, click Save.

11. In the warning window, click OK.

12. Repeat steps 5-11 for LON-EX2.Adatum.com.

Task 2: Configure features for Outlook on the web

1. In Exchange admin center, click permissions and then click the Outlook Web App policies tab.

2. Click Default and click Edit.

3. In the Default window, click the features tab.

4. Deselect the following checkbox under Communication management:

o Instant messaging

o Text messaging

o Unified Messaging
 MCT USE ONLY. STUDENT USE PROHIBITED
Administering Microsoft Exchange Server 2016 L5-35

5. Click Save.

6. In Exchange admin center, click recipients and then click the mailboxes tab.
7. Click Nathan Chesser and click Edit.

8. In the Nathan Chesser window, click the mailbox features tab.

9. Under Email Connectivity click View details.

10. In the Outlook Web App mailbox policy window, click Browse.

11. In the Webpage Dialog window, click Default and click OK.

12. In the Outlook Web App mailbox policy window, click Save.
13. In the Nathan Chesser window, click Save.

14. Close Internet Explorer.

Task 3: Configure offline access for Outlook on the web

1. On LON-CL1, sign in as Adatum\Nathan with a password of Pa55w.rd.

2. On the task bar, click Microsoft Edge.

3. In Microsoft Edge, type https://mail.adatum.com/owa and press Enter.

4. Sign in as Nathan with the password of Pa55w.rd. Do not store the password.

5. Click Settings and click Offline settings.

6. Select the Turn on offline access check box.

7. On the Offline access setup page, for the question, Are you the only person who uses this
computer?, click Yes.

8. Click Next, and then click Next again.

9. Click OK.

10. Close Microsoft Edge.

Task 4: Test offline access for Outlook on the web

1. On the host computer, in Hyper-V Manager, right-click 20345-1A-LON-CL1 and click Settings.

2. In the Settings for 20345-1A-LON-CL1 window, click Network Adapter.

3. In the Virtual switch box, select Not connected and click Apply. This disconnects the client from the
network.

4. On LON-CL1, on the task bar, click Microsoft Edge.

5. In Microsoft Edge, type https://mail.adatum.com/owa and press Enter.

6. Click New.

7. In the To field, type [email protected].

8. In the Subject field, type Offline Test and click Send.

9. On the host computer, in Hyper-V Manager, in the 20345-1A-LON-CL1 window, in the Virtual
switch box, select Private Network and click OK.
10. In Outlook on the web, when prompted, sign in as Nathan with a password of Pa55w.rd.

11. On LON-EX1, open a new tab in Internet Explorer.

12. In Internet Explorer, in the address bar, type https://mail.adatum.com/owa and press Enter.
 MCT USE ONLY. STUDENT USE PROHIBITED
L5-36 Implementing client connectivity

13. If necessary, sign in as Adatum\administrator with a password of Pa55w.rd.

14. Verify that the message from Nathan arrived.

15. Close Internet Explorer.

Results: After completing this exercise, you should have configured Outlook on the web.

Exercise 3: Configuring Exchange ActiveSync

Task 1: Configure device quarantine for new mobile devices
1. On LON-EX1, on the taskbar, click Internet Explorer.

2. In Internet Explorer, in the address bar, type https://mail.adatum.com/ecp and press Enter.
3. Sign in as Adatum\Administrator with a password of Pa55w.rd.

4. In Exchange admin center, click mobile and click the mobile device access tab.

5. Under Exchange ActiveSync Access Settings, click edit.

6. In the Exchange ActiveSync access settings window, under Connection Settings, click Quarantine
– Let me decide to block or allow later.

7. Under Quarantine Notification Email Messages, click Add.

8. In the Select Administrators window, click Administrator, click add, and click OK.

9. In the Exchange ActiveSync access settings window, click Save.

Task 2: Configure security settings for Exchange ActiveSync

1. On LON-EX1, in Exchange admin center, click the mobile device mailbox policies tab.

2. Click Default (default) and click Edit.

3. On the general tab, deselect the Allow mobile devices that don’t fully support these policies to
synchronize check box.

4. On the security tab, select the following checkbox:

o Require a password

o Minimum password length

o Number of sign-in failures before devices is wiped

o Require sign-in after the device has been inactive for (minutes)

5. Click Save.
 MCT USE ONLY. STUDENT USE PROHIBITED
Administering Microsoft Exchange Server 2016 L5-37

Task 3: Prepare for the next module

When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:

1. On the host computer, start Hyper-V Manager.

2. In the Virtual Machines list, right-click 20345A-LON-DC1, and then click Revert.

3. In the Revert Virtual Machine dialog box, click Revert.

4. Repeat steps 2 to 3 for 20345-1A-LON-EX1, 20345-1A-LON-EX1, and 20345-1A-LON-CL1.

Results: After completing this exercise, you should have configured Exchange ActiveSync.
MCT USE ONLY. STUDENT USE PROHIBITED
 MCT USE ONLY. STUDENT USE PROHIBITED
L6-39

Module 6: Managing high availability in

Exchange Server 2016
Lab A: Implementing DAGs
Exercise 1: Creating and configuring a DAG
Task 1: Create a DAG
1. On LON-DC1, in Server Manager, click Tools, and then click Active Directory Users and
Computers.

2. In Active Directory Users and Computers, on the menu bar, click View, and then click Advanced
Features.
3. In the left pane, expand Adatum.com, click Computers, right-click Computers, point to New, and
then click Computer.

4. In the New Object – Computer dialog box, in the Computer name field, type DAG1, and then
click OK.

5. Click Computers, and then in the right pane, right-click DAG1, and then click Properties.

6. In the DAG1 Properties dialog box, click the Security tab.

7. On the Security tab, click Add, and then in the Enter the object names to select field, type
Exchange Trusted Subsystem. Click Check Names, and then click OK.

8. On the Security tab, click Add, and then click Object Types.
9. In the Object Types dialog box, click Computers, and then click OK.

10. In the Select Users, Computers, Service Accounts, or Groups window, in the Enter the object
names to select box, type LON-EX1$, click Check Names, and then click OK.

11. On the Security tab, select LON-EX1 (ADATUM\LON-EX1$), and then in the Allow column in the
Permissions for LON-EX1 list, click Full control.
12. On the Security tab, select Exchange Trusted Subsystem (ADATUM\Exchange Trusted
Subsystem), in the Allow column in the Permissions for Exchange Trusted Subsystem list, click
Full control, and then click OK.
13. In the Active Directory Users and Computers window, in the right pane, right-click DAG1, and then
click Disable Account.

14. In the warning window, click Yes, and then in the next information window, click OK. Close the Active
Directory Users and Computers console.

15. Switch to LON-EX1. Start Internet Explorer from the taskbar and navigate to
https://lon-ex1.adatum.com/ecp.

16. Sign in as Adatum\administrator with the password Pa55w.rd. On the Language and Time zone
page, select (UTC-08:00 Pacific Time (US&Canada) for the time zone, and click save.

17. In the Exchange Admin Center, in the Feature pane, click servers.

18. On the tabs, click database availability groups, and then on the toolbar, click New.

19. In the new database availability group window, in the Database availability group name field, type
DAG1, and then in the Witness server field, type LON-DC1. In the Witness directory field, type
C:\FSWDAG1, click Enter an IP address, in Database availability group IP addresses field, type
172.16.0.33. Click Add, and then click Save.
 MCT USE ONLY. STUDENT USE PROHIBITED
L6-40 Managing high availability in Exchange Server 2016

20. In the list view, click DAG1, and then on the toolbar, click Manage DAG membership.

21. In the manage database availability group membership window, click Add.
22. In the Select Server window, click LON-EX1, click add, and then click LON-EX2. Click add, and then
click OK.

23. In the manage database availability group membership window, click Save. Note: If you get an error,
click Close and then Save again.

24. In the Saving completed successfully window, click Close.

Note: It might take a few minutes to complete this task. You can monitor the tasks being
performed in the window.

Task 2: Create a mailbox database copy in a DAG

1. In the Exchange Admin Center on LON-EX1, in tabs, click databases, click Mailbox Database 1, on
the toolbar, click More, and then click Add database copy.
2. In the add mailbox database copy window, click Browse.

3. In the Select Server window, click LON-EX2, and then click OK.

4. Ensure that the Activation preference number setting is set to 2.

5. Click More options.

6. Review the options for Replay lag time and Postpone seeding settings, but do not make any
changes.
7. In the add mailbox database copy window, click Save.

8. Wait until the saving completes successfully, then click Close.

Note: It might take a few minutes for the process of seeding to complete.

Task 3: Verify successful completion of copying a database

1. In tabs, click Refresh, and then wait until the details pane shows Mailbox Database 1\LON-EX2 as
Passive Healthy. This might take several minutes.

2. In the details pane, under Mailbox Database 1\LON-EX2, click View details.

3. Make sure that the Status displays Healthy and the Content index state also displays Healthy. Then
click Cancel.

Note: This might take some time, so please wait.

4. On LON-EX2, click Start, click the Microsoft Exchange Server 2016 folder, and then click Exchange
Management Shell.

5. Type the following cmdlet, and then press Enter:

Test-ReplicationHealth

Review the results. You will likely see a Failed result for Database redundancy and
DatabaseAvailability, as not all databases are highly available.
 MCT USE ONLY. STUDENT USE PROHIBITED
Administering Microsoft Exchange Server 2016 L6-41

6. Type the following cmdlet, and then press Enter:

Get-MailboxDatabaseCopyStatus

7. Look for the values in the Status and ContentIndexState columns. You should see Mounted and
Healthy in the Status column.

Note: If you see that the ContentIndexState column shows a Failed status for Mailbox
Database 1\LON-EX2, wait for 5 to 10 minutes, and then repeat this step.

Task 4: Suspend, resume, and move a database copy

1. In the Exchange Admin Center on LON-EX1, in the details pane, click Mailbox Database 1, and then
under Mailbox Database 1\LON-EX2, click Suspend.
2. In the Suspend database copy window, in the Comments field, type Test Suspend, and then click
Save. Now the database copy is suspended and will not receive any updates.

3. In the details pane, under Mailbox Database 1\LON-EX2, click Resume. If the Resume button is not
available, wait and then click Refresh a few more times.

4. In the warning window, click Yes.

5. In tabs, click Refresh, and then wait until the details pane shows Mailbox Database 1\LON-EX2 has
a Copy queue length of zero.

6. Click Mailbox Database 1, and then under Mailbox Database 1\LON-EX2, click Activate.

7. In the warning window, click Yes, and then click Close.

8. Ensure that Mailbox Database 1 mounts on LON-EX2. You can see this when you read the value in
the ACTIVE ON SERVER column.

9. Wait 3 to 4 minutes, and then click Refresh.

10. Ensure that both database copies and Content indexes are healthy. You can verify this in the
Databases copies section in the right pane.

Prepare for the next lab

Leave all virtual machines running.

Results: After completing this exercise, you will have prestaged a cluster network object in Active
Directory Domain Services (AD DS), created a database availability group (DAG), added two Mailbox
servers to the DAG, and made a database highly available. You also will have suspended a database copy
and resumed it.
 MCT USE ONLY. STUDENT USE PROHIBITED
L6-42 Managing high availability in Exchange Server 2016

Lab B: Implementing and testing high

availability
Exercise 1: Deploying a high availability solution for Client Access services
Task 1: Configure certificates on Exchange Servers
1. On LON-EX1, in the Exchange admin center, click servers in the navigation pane, and then click the
certificates tab.

2. Click … in the toolbar.

3. Select Import Exchange Certificate.

4. In the import Exchange certificate window, in the File to import from text box, type
\\LON-EX1\C$\labfiles\webmail.pfx.
5. In the Password field, type Pa55w.rd.

6. Click Next.

7. On the next page, click Add.

8. Select both LON-EX1 and LON-EX2, click add->, and then click OK.

9. Click Finish.

10. Click Close.

11. In the console, double-click the webmail.adatum.com certificate.

12. In the Exchange Certificate window, click services.

13. Select IIS, and then click Save.

14. In the Select server drop-down list, select LON-EX2.adatum.com.

Note: If you get an error that session has expired, sign in again to Exchange Admin Center.

15. Repeat steps 11 through 13.

Task 2: Configure NLB for Client Access services

1. On LON-DC1, open Internet Explorer and navigate to https://172.16.0.2:444.

2. If you receive a certificate warning, click Continue to this website (not recommended).
3. In the Windows Security window, sign in as admin with password Pa55w.rd.

4. In the Load Balancer Community Edition window, click Settings and then click Interfaces.

5. In the Settings::Interfaces window, in the Actions section, click the third icon (add virtual network
interface).

6. In the eth0: line in the Name column type 1, and then type 172.16.0.100 in the Addr column. Then
in Action, click the first icon (save virtual interface).

7. Click the Manage menu and then click Farms.

8. In the Manage:Farms window, type ExchangeOWA in Farm Description Name field, select TCP in
the Profile drop-down list and click Save & continue.

9. In the Virtual IP: drop-down list, select eth0:1->172.16.0.100 and in Virtual Port(s): type 443.
 MCT USE ONLY. STUDENT USE PROHIBITED
Administering Microsoft Exchange Server 2016 L6-43

10. Click Save.

11. In the Manage::Farms::ExchangeOWA window, in the Actions section click Edit the
ExchangeOWA Farm.

12. In the Manager:Farms:tcp:ExchangeOWA window, clear the checkmark from Enable client ip
address persistence through memory and then beneath this option, click Modify.
13. Scroll down to the Edit real IP servers configuration section and then click Add Real Server icon.

14. In the Server 0 line, type 172.16.0.14 in the Address field, type 443 in Port field and type 0 in the
next three fields and then click Save Real Server 0.
15. Click Add Real Server.

16. In the Server 1 line, type 172.16.0.15 in the Address field, type 443 in Port field and type 0 in the
next three fields and then click Save Real Server 1.
17. Scroll up and click the Monitoring menu and then click Conns stats.

18. In the Monitoring::Conns stats window, in the Actions section click View ExchangeOWA
backends status icon.
19. In the Manage::Farms::tcp::ExchangeOWA window, ensure that both servers have the green icon in
Status column.

20. In the Refresh stats every dropdown list select 30.

21. Minimize the Internet Explorer window.

Task 3: Configure DNS and Client Access services URL

1. On LON-DC1, open Server Manager, click Tools, and then click DNS.
2. In the DNS Manager window, expand LON-DC1, expand Forward Lookup Zones, click and then
right-click Adatum.com, and then click New Host (A or AAAA)….

3. In the New Host window, type webmail in the Name text box, and then type 172.16.0.100 in the IP
address text box. Click Add Host, click OK, and then click Done.

4. Close DNS Server Manager.

5. Open a new tab in Internet Explorer, type https://webmail.adatum.com/owa, and then press Enter.
If you receive a certificate warning, click Continue to this website (not recommended). Ensure that
the Microsoft Outlook webpage opens.

6. On LON-EX1, restore Exchange Admin Center, click servers, and then click virtual directories.

7. In the list of virtual directories, double-click owa (Default Web Site) on LON-EX1.

8. In the owa (Default Web Site) window, type https://webmail.adatum.com/owa in the Internal
URL and External URL text boxes. Click Save, and then click OK in the warning window.

9. Double-click the second instance of owa (Default Web Site) on LON-EX2 in the list, and then repeat
step 8.

10. In the list of virtual directories, double-click ecp (Default Web Site).

11. In the ecp (Default Web Site) window, type https://webmail.adatum.com/ecp in the Internal URL
and External URL text boxes. Click Save, and then click OK in the warning window.

12. Double-click the second instance of ecp (Default Web Site) in the list, and then repeat step 11.

13. Click configure external access domain in the toolbar.

14. In the configure external access domain window, click Add.

 MCT USE ONLY. STUDENT USE PROHIBITED
L6-44 Managing high availability in Exchange Server 2016

15. In the Select a Server window, select both LON-EX1 and LON-EX2, click add, and then click OK.

16. Type webmail.adatum.com in the text box.

17. Click Save, and then click Close.

18. Click Start, click the Microsoft Exchange Server 2016 folder, and then click Exchange
Management Shell.
19. In the Exchange Management Shell window, type iisreset and press Enter.

20. Switch to LON-EX2 and repeat steps 18 and 19.

Task 4: Test load balancer functionality for Client Access services

1. On LON-EX1, open Internet Explorer, and then type https://webmail.adatum.com/owa. If you
receive a certificate warning, click Continue to this website (not recommended).

2. Ensure that the Outlook webpage opens.

3. Sign in as Adatum\Nathan with the password Pa55w.rd.

4. In the Time zone list, click (UTC-08:00) Pacific Time (US & Canada) and then click Save. If Security
Alert dialog box appears, click Yes.

5. Ensure that the mailbox opens. Sign out.

6. On LON-EX2, open Server Manager, click Tools, and then click Internet Information Services (IIS)
Manager.
7. In the Internet Information Services (IIS) Manager window, click LON-EX2
(ADATUM\Administrator), and then click Stop in the Actions pane. If you see an Internet
Information Services (IIS) Manager window appear, click No.
8. Switch back to LON-EX1 and repeat steps 1 through 3. Ensure that the mailbox opens. You might
need to press F5 to refresh the webpage.

9. Switch to LON-EX2. In the Internet Information Services (IIS) Manager window, click LON-EX2
(ADATUM\Administrator), and then click Start in the Actions pane.

Results: After completing this exercise, you will have configured a load balancer, certificates, and Domain
Name System (DNS) records.

Exercise 2: Testing the high availability configuration

Task 1: Simulate server failure
1. On LON-EX1, if it is not already open, open Exchange Admin Center, and then sign in as
Adatum\Administrator with the password Pa55w.rd.

2. In the navigation page, click servers.

3. In the tabs, click databases.

4. Ensure that Mailbox Database 1 is active on LON-EX2. You can see that by reading the value in the
ACTIVE ON SERVER column.

5. Sign in to LON-CL1 as Adatum\Nathan with the password Pa55w.rd.

6. Open Outlook 2016. Close the Microsoft Office Activation Wizard if it appears. If needed, sign in
as Adatum\Nathan with the password Pa55w.rd.
 MCT USE ONLY. STUDENT USE PROHIBITED
Administering Microsoft Exchange Server 2016 L6-45

7. Ensure that you are connected to Microsoft Exchange Server 2016 with Outlook. You can verify that
by looking at the taskbar of Outlook (you should see Connected to: Microsoft Exchange).
8. On the host computer, open Microsoft Hyper-V Manager.

9. Right-click 20345-1A-LON-EX2, and then click Settings.

10. In the Settings for 20345-1A-LON-EX2 window, click Network Adapter in the left pane.
11. In the right pane, in the Virtual switch drop-down list, select Not connected, and then click OK.

Task 2: Verify high availability

1. Switch back to LON-EX1 and the Exchange admin center.

2. Refresh the view a few times.

3. Ensure that Mailbox Database 1 is now mounted on LON-EX1. You can see that by reading the
value in the ACTIVE ON SERVER column.

4. Switch to LON-CL1. Ensure that Outlook is still connected to the server.

Note: It might take a minute or two to reestablish the connection.

Prepare for the next lab

When you finish the lab, complete the following procedure and then leave the remaining virtual machines
running for the next module.

1. On the host computer, open Hyper-V Manager.

2. Right-click 20345-1A-LON-EX2, and then click Settings.

3. In the Settings for 20345-1A-LON-EX2 window, click Network Adapter in the left pane.

4. In the right pane, in the Virtual switch drop-down list, select Private Network, and then click OK.

5. In the Virtual Machines list, right-click 20345-1A-LON-CL1, and then click Revert.
6. In the Revert Virtual Machine dialog box, click Revert.

7. Shut down the machine 20345-1A-LON-LB.

Results: After completing this exercise, you will have tested your highly available environment.
MCT USE ONLY. STUDENT USE PROHIBITED
 MCT USE ONLY. STUDENT USE PROHIBITED
L7-47

Module 7: Implementing disaster recovery for Exchange

Server 2016
Lab A: Backing up Exchange Server 2016
Exercise 1: Backing up Exchange Server 2016
Task 1: Populate a mailbox by using Microsoft Outlook on the web
1. On LON-EX1, open Internet Explorer. In the address bar, type https://LON-
EX1.Adatum.com/owa, and then press Enter.

2. Sign in as Adatum\Adam with the password Pa55w.rd.

3. On the Language and Time zone page, select (UTC-08:00) Pacific Time (US & Canada) click Save.
4. Click New.

5. In the To text box, type Beth Burke, in the subject line, type Message before backup, and then click
Send.

6. Sign out of Outlook on the web.

7. Sign in again as Adatum\Beth with the password Pa55w.rd.

8. On the Language and Time zone page, select (UTC-08:00) Pacific Time (US & Canada) click Save.

9. Check that the message was received.

10. Sign out of Outlook on the web.

11. Close Internet Explorer.

12. Switch to Exchange Management Shell. If it is not running, click Start, click the Microsoft
Exchange Server 2016 folder, and then click Exchange Management Shell.

13. Type the following command, and then press Enter:

Get-Mailbox [email protected] |fl name,database,guid

Note the name and the globally unique identifier (GUID) of the Mailbox Database. You need this
information for the restore.

14. Close the Microsoft Exchange Management Shell.

Task 2: Install Windows Server Backup

1. On LON-EX1, click Start, and then click Server Manager.

2. On the dashboard, click Add roles and features. The Add Roles and Features Wizard opens.

3. On the Before You Begin page, click Next.

4. On the Installation Type page, select Role-based or feature-based installation, and then click
Next.

5. On the Server Selection page, click Select a server from the server pool, click
LON-EX1.Adatum.com in the Server Pool, and then click Next.

6. On the Server Roles page, click Next.

7. On the Features page, scroll down in the Features list, select Windows Server Backup, and then
click Next.
 MCT USE ONLY. STUDENT USE PROHIBITED
L7-48 Implementing disaster recovery for Exchange Server 2016

8. On the Confirmation page, do not select the Restart the destination server automatically if
required option, and then click Install.
9. On the Results page, click Close.

Task 3: Perform a backup of a mailbox database by using Windows Server Backup

1. On LON-DC1, open File Explorer, and then create a folder named Backup on drive C.

2. Right-click the Backup folder, select Share with, and then select Specific people.

3. Check that the Administrator account has Read/Write permissions, click Share, and then click Done.

4. Close File Explorer.

5. On LON-EX1, click Start, and then click Server Manager.

6. In Server Manager window, click Tools, and then click Windows Server Backup.

7. In the navigation pane, select Local Backup.

8. In the Actions pane on the right side, click Backup Once.

9. In the Backup Once Wizard, on the Backup Options page, select Different options, and then click
Next.

10. On the Select Backup Configuration page, select Full server (recommended), and then click Next.

11. On the Specify Destination Type page, select Remote shared folder, and then click Next.

12. On the Specify Remote Folder page, under Location, type \\LON-DC1\Backup, under Access
control, select Do not inherit, and then click Next.

13. In the Windows Security pop-up window, enter the name Administrator and the password
Pa55w.rd, and then click OK.

14. On the Confirmation page, click Backup.

15. On the Backup Progress page, click Close.

16. When the backup completes, close Windows Server Backup. It might take 10-15 minutes to complete.

Results: After completing this exercise, you should have backed up the mailbox databases.
 MCT USE ONLY. STUDENT USE PROHIBITED
Administering Microsoft Exchange Server 2016 L7-49

Lab B: Implementing disaster recovery for

Exchange Server 2016
Exercise 1: Restoring Exchange Server 2016 data
Task 1: Delete a message in a mailbox

Note: The backup activity from the previous demonstration must be complete before you
can proceed.

1. On LON-EX1, open Internet Explorer, in the address bar, type https://LON-EX1.ADatum.com/owa,

and then press Enter.

2. Sign in as Adatum\Beth with the password Pa55w.rd.

3. Delete the message received from Adam.

4. Empty the Deleted Items folder.

5. Right-click the Deleted Items folder, and then select Recover deleted items. In the blocked pop-up
window, click Allow once.
6. In the recover deleted items window, select the message received from Adam, and then click Purge.

7. To confirm the purge action on the selected item, click OK.

8. Close the recover deleted items window.

9. Sign out of Outlook on the web.

Task 2: Restore the database by using Windows Server Backup

1. On LON-EX1, open File Explorer, and then on drive C, create a folder named Restore.

2. Click Start, and then click Server Manager.

3. In the Server Manager window, click Tools, and then click Windows Server Backup.

4. In the Actions pane, click Recover.

5. In the Recovery Wizard, on the Getting Started page, select A backup stored on another
location, and then click Next.

6. On the Specify Location Type page, select Remote shared folder, and then click Next.

7. On the Specify Remote Folder page, type \\LON-DC1\Backup, and then click Next.

8. On the Select Backup Date page, select the date and time of the backup, and then click Next.

9. On the Select Recovery Type page, select Applications, and then click Next.

10. On the Select Applications page, verify that Exchange is selected.

11. Select Do not perform a roll-forward recovery of the application database, and then click Next.

12. On the Specify Recovery Options page, select Recover to another location, and then click Browse.

13. In the Browse for Folder window, select the C:\Restore folder, click OK, and then click Next.

14. On the Confirmation page, click Recover.

 MCT USE ONLY. STUDENT USE PROHIBITED
L7-50 Implementing disaster recovery for Exchange Server 2016

15. On the Recovery Progress page, check that the status of the recovery shows completed, and then
click Close.
16. Close Windows Server Backup.

Task 3: Create a recovery database with the Exchange Management Shell

1. On LON-EX1, click Start, click the Microsoft Exchange Server 2016 folder, and then click Exchange
Management Shell.
2. In the Exchange Management Shell, type the following command, and then press Enter:

Get-MailboxDatabase –ID “Mailbox Database 1” | fl name, guid, edbfilepath,

logfolderpath

Note: This command identifies the Mailbox Database 1 GUID, in addition to the locations
for the database and transaction log files.

3. In the Exchange Management Shell, to create the recovery database, type the following command,
and then press Enter. Verify that the GUID, database, and transaction log names match the output
from the previous command.

Note: In the command below, you should type the GUID listed in the previous command.

New-MailboxDatabase –Recovery –Name RecoveryDB –EdbFilePath

“C:\Restore\GUID\C_\Program Files\Microsoft\Exchange Server\V15\Mailbox\Mailbox
Database 1\Mailbox Database 1.edb” –LogFolderPath “C:\Restore\GUID\C_\Program
Files\Microsoft\Exchange Server\V15\Mailbox\Mailbox Database 1” –Server LON-EX1

4. At the Exchange Management Shell command prompt, type the following command, and then press
Enter:

Restart-service msexchangeis

5. At the Exchange Management Shell command prompt, type the following command, and then press
Enter:

Note: In the command below, you should type the GUID listed in Step 2.

CD “C:\Restore\GUID\C_\Program Files\Microsoft\Exchange Server\V15\Mailbox\Mailbox

Database 1”

6. To set the mailbox database to a clean shutdown state, at the Exchange Management Shell command
prompt, type the following command, and then press Enter:

Eseutil /r E01 /d

7. At the Exchange Management Shell command prompt, type the following command, and then press
Enter:

Mount-Database RecoveryDB
 MCT USE ONLY. STUDENT USE PROHIBITED
Administering Microsoft Exchange Server 2016 L7-51

8. At the Exchange Management Shell command prompt, type the following command, and then press
Enter:

Get-MailboxStatistics -Database RecoveryDB

Note: This cmdlet displays all mailboxes in the recovery database.

9. Verify that the Beth Burke mailbox is listed.

Task 4: Recover the mailbox from the recovery database

1. At the Exchange Management Shell command prompt, type the following command, and then press
Enter:

New-MailboxRestoreRequest –SourceDatabase RecoveryDB –SourceStoreMailbox “Beth Burke”

–TargetMailbox [email protected]

2. At the Exchange Management Shell command prompt, type the following command, and then press
Enter:

Get-MailboxRestoreRequest

3. Repeat step 2 until the status becomes Completed.

4. On LON-EX1, open Internet Explorer.

5. In the address bar, type https://LON-EX1.adatum.com/owa, and then press Enter.

6. Sign in as Adatum\Beth with the password Pa55w.rd.

7. Verify that the message has been restored.

8. Sign out of Outlook on the web.

9. Close Internet Explorer.

Results: After completing this exercise, you should have restored the missing items back into the users’
mailboxes.

Exercise 2: Restoring an Exchange Server DAG member (optional)

Task 1: Prepare a database availability group (DAG) for restoring a DAG member
1. Shut down 20345-1A-LON-EX1 virtual machine.

2. On LON-EX2, at the Exchange Management Shell command prompt, type the following cmdlets,
and then press Enter twice after each one (it is expected that you receive a warning when executing
first command):

Remove-MailboxDatabaseCopy “Mailbox Database 1\LON-EX1”

Remove-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer LON-EX1 -
ConfigurationOnly
 MCT USE ONLY. STUDENT USE PROHIBITED
L7-52 Implementing disaster recovery for Exchange Server 2016

3. On LON-EX2, in Server Manager, click Tools and then click Failover Cluster Manager.
4. In the Failover Cluster Manager console, expand DAG1.Adatum.com, click Nodes, right-click
LON-EX1, click More Actions, click Evict, and then click Yes.

Task 2: Install Exchange Server 2016 in server recovery mode

1. On LON-DC1, on the taskbar, click Server Manager.

2. In Server Manager, click Tools, and then click Active Directory Users and Computers.

3. In the console tree, click Computers.

4. In the details pane, right-click LON-EX1, and then click Reset Account.

5. Click Yes, and then click OK.

6. Start the 20345-1A-LON-EXCH-B virtual machine.

7. On LON-EXCH-B, sign in by using the following credentials:

o User name: Adatum\Administrator

o Password: Pa55w.rd

8. On the taskbar, click Server Manager.

9. On the left navigation pane, click Local Server, and in Properties tile, click the link next to
Computer name.

10. In the System Properties dialog box, on the Computer Name tab, click Change.

11. In the Workgroup text box, type WORKGROUP and then click OK.
12. In the Computer Name/Domain Changes dialog box, click OK.

13. When prompted for a user name and a password, type Administrator with the password Pa55w.rd,
and then click OK.
14. In the dialog box that welcomes you to the Workgroup, click OK.

15. When prompted that you must restart the computer, click OK.

16. In the System Properties dialog box, click Close.

17. When prompted to restart the computer, click Restart Now.

18. On LON-EXCH-B, sign in by using the following credentials:

o User name: Administrator

o Password: Pa55w.rd

19. In Hyper-V Manager, right-click 20345-1A-LON-EXCH-B, and then click Settings.

20. In the Settings for 20345-1A-LON-EXCH-B window, click Network Adapter in the left pane.
21. In the right pane, in the Virtual switch drop-down list, select Private Network, and then click OK.

22. On LON-EXCH-B, on the taskbar, click Server Manager.

23. In Server Manager, in the console tree, click Local Server. Next to Ethernet, click 172.16.0.11, IPv6
Enabled.

24. Right-click Ethernet, and then click Properties.

25. Click Internet Protocol Version 4 (TCP/IP v4), and then click Properties.
26. Change the IP address to the 172.16.0.14, and verify that Preferred DNS server is 172.16.0.10.
 MCT USE ONLY. STUDENT USE PROHIBITED
Administering Microsoft Exchange Server 2016 L7-53

27. Click OK, click Close, and then close the Network Connections window.

28. On the Properties tile, click the link next to Computer name.
29. In the System Properties dialog box, on the Computer Name tab, click Change.

30. In the Computer Name text box, type LON-EX1, in the Domain text box, type Adatum.com, and
then click OK.
31. When prompted for a user name and a password, type Administrator with the password Pa55w.rd,
and then click OK.

32. When a dialog box appears welcoming you to the adatum.com domain, click OK.
33. When prompted that you must restart the computer, click OK.

34. In the System Properties dialog box, click Close.

35. When prompted to restart the computer, click Restart Now.

Note: Perform all steps referring to LON-EX1 on the renamed virtual machine, which
previously was LON-EXCH-B.

36. Sign in to LON-EX1 as Adatum\Administrator with the password Pa55w.rd.

37. In Hyper-V Manager, open the 20345-1A-LON-EXCH-B settings, and then attach the
Exchange .iso image from D:\Program Files\Microsoft Learning\20345-1\Drives
\ExchangeServer2016-CU5.iso.

38. On LON-EX1, open an elevated command prompt, type D:, and then press Enter.

39. Type the following command, and then press Enter:

Setup.exe /m:RecoverServer /Iacceptexchangeserverlicenseterms

40. After setup completes, restart the server.

Task 3: Recover a DAG member server

1. On LON-EX2, at the Exchange Management Shell command prompt, type the following cmdlets, and
then press Enter after each one.

Note: If an error message appears, switch to LON-EX1 and ensure that all services that are
configured to start automatically have started and then repeat the command.

Add-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer LON-EX1

Add-MailboxDatabaseCopy -Identity “Mailbox Database 1” -MailboxServer LON-EX1
Invoke-Command –ComputerName LON-EX1 –ScriptBlock
{Restart-Service msexchangeis}

2. On LON-EX2, in the Exchange Management Shell, run the following cmdlets verify the DAG member
functionality and the restored database copy:

Get-DatabaseAvailabilityGroup
Get-MailboxDatabaseCopyStatus -Identity “Mailbox Database 1”
 MCT USE ONLY. STUDENT USE PROHIBITED
L7-54 Implementing disaster recovery for Exchange Server 2016

Task 4: Prepare for the next module

When you are finished with the lab, revert all virtual machines to their initial state:

1. On the host computer, start Hyper-V Manager.

2. In the Virtual Machines list, right-click 20345-1A-LON-DC1, and then click Revert.

3. In the Revert Virtual Machine dialog box, click Revert.

4. Repeat steps 2 and 3 for 20345-1A-LON-EX1, 20345-1A-LON-EX2, 20345-1A-LON-CL1, and

20345-1A-LON-EXCH-B.

Results: After completing this exercise, you should have recovered LON-EX1.
 MCT USE ONLY. STUDENT USE PROHIBITED
L8-55

Module 8: Configuring and managing message transport

Lab: Configuring message transport
Exercise 1: Configuring message transport
Task 1: Create a send connector for Internet mail delivery
1. On LON-EX1, open Internet Explorer, in the address bar type https://LON-EX1.Adatum.com/ecp,
and then press Enter.
2. Sign in to Exchange Admin Center as Adatum\Administrator with the password Pa55w.rd.

3. If prompted, on the Choose your preferred display language and home time zone below page, in
the Time zone list, click (UTC-08:00) Pacific Time (US & Canada) and then click Save.
4. In EAC, click mail flow, and click the send connectors tab.

5. Click New.

6. In the new send connector window, in the Name box, type Internet Send.

7. Under Type, click Internet (For example, to send internet mail), and click Next.

8. On the new send connector page, click Route mail through smart hosts, and click Add.

9. In the Add smart host window, type 10.95.0.50, and click Save.
10. In the new send connector window, click Next.

11. Under Smart host authentication, click None, and then click Next.

12. On the next page, under Address space, click Add.

13. In the add domain window, in the *Full Qualified Domain Name (FQDN) text box, type *, and click
Save.

14. In the new send connector window, click Next.

15. On the next wizard page, under Source server, click Add.

16. Select LON-EX1 and LON-EX2, click add->, and then click OK.

17. In the new send connector window, click Finish.

Task 2: Create a receive connector for anonymous relay

1. In Exchange Admin Center, click the receive connectors tab.

2. In the Select server box, click LON-EX1.Adatum.com, and click New.

3. In the new receive connector window, in the Name box, type CRM Relay.

4. Under Role, click Frontend Transport.

5. Under Type, click Custom (For example, to allow application relay), and click Next.

6. Under Network adapter bindings, verify that (All available IPv4) and port 25 are listed, and then
click Next.

7. Under Remote network settings, click 0.0.0.0-255.255.255.255, and click Remove.

8. Click Add.

9. In the add IP address window, type 172.16.0.10, and click Save.

10. In the new receive connector window, click Finish.

 MCT USE ONLY. STUDENT USE PROHIBITED
L8-56 Configuring and managing message transport

11. In EAC, double-click CRM Relay.

12. In the CRM Relay window, under Protocol logging level, click Verbose.
13. Click the security tab, and then, under Authentication, select the Externally secured (for example,
with IPsec) check box.

14. Under Permission groups, select the Exchange servers and Anonymous users check boxes, and
then click Save.

15. Close Exchange Admin Center.

Results: After completing this exercise, you should have configured send and receive connectors for
Internet mail flow, and an application that requires anonymous relaying.

Exercise 2: Troubleshooting message delivery

Task 1: Verify that messages can be sent from the CRM application server
1. On LON-DC1, click Start, and then click Windows PowerShell.

2. At the Windows PowerShell prompt, type Telnet LON-EX1 25, and then press Enter.

3. Type helo, and then press Enter.

4. Type mail from: [email protected], and press Enter.

5. Type rcpt to: [email protected], and press Enter.

6. Type data, and press Enter.

7. Type Subject: Test from CRM, and press Enter.

8. Type This is the test message, and press Enter.

9. Type ., and press Enter.

10. After the message is displayed that indicates the message is queued for delivery, type quit, and press
Enter.

11. Close the Windows PowerShell prompt.

Task 2: Verify that the correct receive connector was used for message reception
1. On LON-EX1, on the taskbar, click File Explorer.

2. In File Explorer, in the address bar, type C:\Program Files\Microsoft\Exchange Server

\V15\TransportRoles\Logs, and press Enter.

3. Double-click FrontEnd, double-click ProtocolLog, and double-click SmtpReceive.

4. To view the newest protocol log in Notepad, double-click the protocol log file with the most recent
date.

5. In Notepad, click Edit, and click Find.

6. In the Find window, type CRM, and click Find Next.

7. Close the Find window.

 MCT USE ONLY. STUDENT USE PROHIBITED
Administering Microsoft Exchange Server 2016 L8-57

8. If necessary, scroll to the right and review the SMTP commands used to send the message from
[email protected] to [email protected].
9. Close Notepad and File Explorer.

Task 3: Verify that the correct send connector was used to deliver the message
1. On LON-EX1, click Start, and click Exchange Toolbox.

2. In Exchange Toolbox, double-click Queue Viewer.

3. In Queue Viewer, in the Last Error column, read the error message for the 10.95.0.50 queue. If
necessary, expand the column.

4. Double-click the 10.95.0.50 queue to view the messages inside.

5. Double-click the message to view its properties.

6. In the Test from CRM properties window, click Cancel.

7. Right-click the message, and click Remove (without sending NDR).

8. In the Bulk Action window, click OK.

9. In the Remove (without sending NDR) window, click Yes.

10. Close Queue Viewer.

Results: After completing this exercise, you should have finished troubleshooting SMTP message delivery.

Exercise 3: Configuring a disclaimer transport rule

Task 1: Create a disclaimer transport rule
1. On LON-EX1, in EAC, click mail flow, and then click the rules tab.

2. Click New, and then click Create a new rule.

3. In the new rule window, in the Name box, type Adatum Disclaimer.

4. In the Apply this rule if drop-down list, select The sender is located option, and then in the select
sender location window, select Inside the organization, and then click OK.

5. In the Do the following drop-down list, select Append the disclaimer, and then click Enter text.

6. In the specify disclaimer text window, type <hr>This is the Adatum Disclaimer, and then
click OK.

7. Click Select one, and then in the specify fallback action window, select Wrap, and then click OK.
8. If necessary, under Choose a mode for this rule, click Enforce.

9. Click Save.

Task 2: Test a disclaimer transport rule

1. On LON-DC1, open Internet Explorer, in the address bar type https://LON-
EX1.Adatum.com/owa, and then press Enter.

2. Sign in to the OWA as Adatum\Adam with the password Pa55w.rd.

3. In the Time zone box, select (UTC -0800) Pacific Time (US & Canada), and click Save.
 MCT USE ONLY. STUDENT USE PROHIBITED
L8-58 Configuring and managing message transport

4. Click New.

5. In the To field, type [email protected].

6. In the Subject field, type Disclaimer Test.

7. In the message body, type This is my test message, and click Send.

8. Close Internet Explorer.

9. On LON-EX1, in Internet Explorer, open a new tab.

10. In the address bar, type https://LON-EX1.adatum.com/owa, and press Enter.

11. Verify that the message from Adam was received and that the disclaimer was added.
12. Close the current tab on Internet Explorer.

Results: After completing this exercise, you should have configured a transport rule for a disclaimer.

Exercise 4: Configuring a DLP policy for financial data

Task 1: Create a DLP policy for financial data
1. On LON-EX1, in EAC, click compliance management, and click the data loss prevention tab.

2. Click Add, and then click New DLP policy from template.

3. In the DLP policy from template window, in the Name box, type UK Financial Data.

4. In the Choose a template box, select U.K. Financial Data.

5. Click More options.

6. If necessary, under Choose the state of this DLP policy, click Enabled.

7. Under Choose a mode for the requirements in this DLP policy, click Enforce.

8. Click Save.

Task 2: Review settings in the DLP policy

1. On LON-EX1, in EAC, double-click the UK Financial Data policy.

2. In the UK Financial Data window, click the rules tab.

3. Click U.K. Financial: Allow override, and read the description.

4. Double-click U.K. Financial: Scan email sent outside – low count.

5. In the U.K. Financial: Scan email send outside – low count window, click ‘Credit Card Number’ or
‘EU Debit Card Number’ or ‘SWIFT Code’.

6. Read the minimum and maximum count required of the data type to trigger the rule, and click
Cancel.

7. In the U.K. Financial: Scan email send outside – low count window, click Cancel.

8. Double-click U.K. Financial: Scan email sent outside – high count.

9. In the U.K. Financial: Scan email send outside – high count window, click ‘Credit Card Number’
or ‘EU Debit Card Number’ or ‘SWIFT Code’.
 MCT USE ONLY. STUDENT USE PROHIBITED
Administering Microsoft Exchange Server 2016 L8-59

10. Read the minimum and maximum count required of the data type to trigger the rule, and click
Cancel.
11. In the U.K. Financial: Scan email send outside – high count window, click Cancel.

12. In the UK Financial Data window, click Cancel.

Task 3: Configure a policy tip

1. In Exchange Admin Center, on the data loss prevention tab, click Manage policy tips.
2. In the Policy Tips window, click Add.

3. In the Policy Tip box, select Notify the sender.

4. In the Locale box, select English.

5. In the Text box, type This message is not compliant with company policy, and then click Save.

6. Click Close.

7. Close Internet Explorer.

Task 4: Test the DLP policy for financial data

1. On LON-CL1, sign in as Adatum\Nathan with the password Pa55w.rd.

2. Click Start, type Outlook, and then click Outlook 2016. If the Activation Wizard appears, click
Close.

3. If prompted to authenticate, sign in as Adatum\Nate with the password Pa55w.rd.

4. In Outlook, click New Email.

5. In the new message window, in the To box, type [email protected].

6. In the Subject box, type Credit Info.

7. In the message body, type Visa: 4444 4444 4444 4448, and press Enter.

8. Wait for a few minutes for the Policy Tip to appear, and then read the Policy Tip.

9. Copy the text from the message body and paste it 10 times.

10. Wait for a few moments for the Policy Tip to update, and then read the Policy tip.

11. Click override.

12. In the Microsoft Outlook dialog box, in the I have a business justification box, type Will be
encrypted by TLS, and click Override.

13. In the message window, read the updated Policy Tip, and click Send.

14. Close Outlook.

Results: After completing this exercise, you will have configured a DLP policy that prevents sending U.K.
financial data.
 MCT USE ONLY. STUDENT USE PROHIBITED
L8-60 Configuring and managing message transport

Task 5: Prepare for the next module

When you are finished with the lab, revert all virtual machines to their initial state:

1. On the host computer, start Hyper-V Manager.

2. In the Virtual Machines list, right-click 20345-1A-LON-DC1, and then click Revert.

3. In the Revert Virtual Machine dialog box, click Revert.

4. Repeat steps 2 and 3 for 20345-1A-LON-EX1, 20345-1A-LON-EX2, and 20345-1A-LON-CL1.

 MCT USE ONLY. STUDENT USE PROHIBITED
L9-61

Module 9: Configuring antivirus, antispam, and malware

protection
Lab: Configuring message security
Exercise 1: Configuring and testing EdgeSync
Task 1: Configure EdgeSync
1. On LON-EDGE1, click Start, click Microsoft Exchange Server 2016 folder and then click Exchange
Management Shell, and then press Enter.

2. In Exchange Management Shell, create a new Edge Subscription file by typing the following cmdlet,
and then press Enter:

New-EdgeSubscription -FileName “c:\LON-EDGE1.xml”

3. At the confirmation prompt, type Y, and then press Enter.

4. On the taskbar, click File Explorer.

5. Navigate to C:\ and locate c:\LON-EDGE1.xml.

6. Right-click LON-EDGE1.xml and then click Copy.

7. In the address bar, type \\LON-EX1\c$ and press Enter.

8. Right-click an area of free space and click Paste.

9. On LON-EX1, click Start, click the Microsoft Exchange Server 2016 folder, and then click Exchange
Management Shell.

10. In Exchange Management Shell, create a new Edge Subscription by typing the following cmdlet, and
then press Enter:

New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path "C:\LON-EDGE1.xml" -

Encoding Byte -ReadCount 0)) -Site "Default-First-Site-Name”

Task 2: Test EdgeSync

1. On LON-EX1, in Exchange Management Shell, start the Edge Synchronization process by typing the
following cmdlet, and then press Enter:

Start-EdgeSynchronization

2. Verify that the synchronization was successful.

3. In Exchange Management Shell, start a full Edge Synchronization test by typing the following cmdlet,
and then press Enter:

Test-EdgeSynchronization -FullCompareMode

Results: After completing this exercise, you should have configured and tested EdgeSync.
 MCT USE ONLY. STUDENT USE PROHIBITED
L9-62 Configuring antivirus, antispam, and malware protection

Exercise 2: Configuring antivirus, antispam, and malware protection

features on Exchange Server 2016
Task 1: Configure antispam options on Exchange Server 2016

Configure Content Filtering

1. On LON-EDGE1, in the Exchange Management Shell, verify that content filtering is enabled by typing
the following cmdlet, and then press Enter:

Get-ContentFilterConfig | Format-List Enabled

Verify that Enabled:True is returned.

2. Configure the blocked phrase Poker results by typing the following cmdlet, and then press Enter:

Add-ContentFilterPhrase -Influence BadWord -Phrase "Poker results"

3. Configure the allowed phrase Report document by typing the following cmdlet, and then press
Enter:

Add-ContentFilterPhrase -Influence GoodWord -Phrase "Report document"

4. Configure the quarantine mailbox [email protected] by typing the following cmdlet, and
then press Enter:

Set-ContentFilterConfig -QuarantineMailbox [email protected]

Note: In a production environment, you also should create a user mailbox and configure it
to be a quarantine mailbox.

5. Configure the spam confidence level (SCL) thresholds and enable quarantine by typing the following
cmdlet, and then press Enter:

Set-ContentFilterConfig -SCLRejectEnabled $true -SCLRejectThreshold 8 -

SCLQuarantineEnabled $true -SCLQuarantineThreshold 7

6. Configure the custom rejection response, "Your message was rejected by our spam filter. Contact
your administrator." by typing the following cmdlet, and then press Enter:

Set-ContentFilterConfig -RejectionResponse "Your message was rejected by our spam

filter. Contact your administrator."

7. Configure the SCL junk threshold with a value of 6 for all mailboxes in your organization by typing
the following cmdlet, and then press Enter:

Set-OrganizationConfig -SCLJunkThreshold 6

Configure sender and recipient filtering

1. Switch to LON-EX1, in the Exchange Management Shell, configure sender filtering to block messages
from [email protected] by typing the following cmdlet, and then press Enter:

Set-SenderFilterConfig -BlockedSenders [email protected]

 MCT USE ONLY. STUDENT USE PROHIBITED
Administering Microsoft Exchange Server 2016 L9-63

2. Configure recipient filtering to block messages sent to [email protected] by typing the

following cmdlet, and then press Enter:

Set-RecipientFilterConfig -BlockListEnabled $true -BlockedRecipients

[email protected]

Note: In this scenario, we assume that the email address [email protected] is for
internal purposes only, and should not receive email from external senders.

Task 2: Configure antimalware options in Exchange Server

Enable antimalware features

1. On LON-EX1, in the Exchange Management Shell, change the current folder to location \Program
Files\Microsoft\Exchange Server\V15\Scripts by typing the following cmdlet, and then press Enter:

cd “\Program Files\Microsoft\Exchange Server\V15\Scripts”

2. Enable antimalware scanning by typing following script, and then press Enter:

.\Enable-AntimalwareScanning.ps1

3. Verify that the following message appears: Anti-malware engines are updating. This may take a
few minutes. Note that because the lab environment does not have an Internet connection, the
engine update cannot complete. However, you should wait until you receive an error message that
the update could not be completed. This can take 15-20 minutes.

4. In the Exchange Management Shell, restart the Microsoft Exchange Transport Service by typing
following cmdlet, and then press Enter:

Restart-Service MSExchangeTransport

5. List installed transport agents by typing the following cmdlet, and then press Enter:

Get-TransportAgent

6. Verify that antimalware agent Malware Agent is listed. If the script was allowed to complete, the
status of Malware Agent is Enabled True.

Configure the default antimalware policy

1. On LON-EX1, open Internet Explorer from the taskbar and navigate to
https://LON-EX1.adatum.com/ecp.

2. Sign in to the Exchange admin center as Adatum\Administrator with the password Pa55w.rd, and
then click Sign in. On the Language and Time zone page, select (UTC-08:00) Pacific Time (US &
Canada) time zone and then click Save.

3. In the Exchange admin center, on the feature pane, click protection.

4. In the Exchange admin center window, on the malware filter tab, click Edit.

5. In the Default window, click Settings.

6. Under Malware Detection Response, select Delete all attachments and use custom alert text.

7. In the Custom alert text box, type the following text: The attachment has been deleted because it
contained malware. Contact your administrator.
 MCT USE ONLY. STUDENT USE PROHIBITED
L9-64 Configuring antivirus, antispam, and malware protection

8. Under Notifications, select both the Notify internal senders and Notify external senders check
boxes.
9. Under Administrator Notifications, select the Notify administrator about undelivered messages
from internal senders check box.

10. In the Administrator email address text box, type [email protected].

11. Under Administrator Notifications, select the Notify administrator about undelivered messages
from external senders check box.

12. In the Administrator email address text box, type [email protected].

13. In the Default window, click Save.

Task 3: Verify antivirus, antispam, and malware protection functionality

Validate antispam configuration

1. Switch to LON-DC1.
2. On LON-DC1, click Start, and then click the Windows PowerShell icon.

3. At the Windows PowerShell command prompt, type the following command and press Enter:

Telnet LON-EDGE1 smtp

4. Type the following command, and then press Enter:

helo

5. Type the following command, and then press Enter:

mail from: [email protected]

Verify that you receive the following response: 250 2.1.0 Sender OK.

6. Type the following command, and then press Enter:

rcpt to: [email protected]

Verify that you receive the following response: 250 2.1.5 Recipient OK.

7. Type the following command, and then press Enter:

data

Verify the following response: 354 Start mail input; end with <CRLF>.<CRLF>.
8. Type the following command, and then press Enter twice:

Subject: Poker results for you

9. Type the following command, and then press Enter:

Please find below Poker results

10. Press the period (.) key, and then press Enter.

11. Verify that the following message displays: Your message was rejected by our spam filter. Contact
your administrator.
 MCT USE ONLY. STUDENT USE PROHIBITED
Administering Microsoft Exchange Server 2016 L9-65

12. If you do not see the message Connection to host lost, type the following command, and then press
Enter:

Quit

Validate anti-malware configuration

1. Switch to LON-EX1. Open Exchange Management Shell, if it is not already open. In the Exchange
Management Shell window, type Set-MpPreference -DisableRealtimeMonitoring $true, and then
press Enter.

2. Use Notepad to edit the C:\Labfiles\Mod09\Eicar.txt file, and remove ONLY the two <remove>
markers (including the < > symbols).
3. In Notepad, click File and then Save.

4. If Internet Explorer is currently open, close it.

5. Open Internet Explorer.

6. In the Internet Explorer Address bar, type https://lon-EX1.adatum.com/owa, and then press Enter.

7. Sign in as Adatum\Adam with the password Pa55w.rd.

8. On the Language and time zone page, in the Time zone list, select the local time zone and then
click Save.

9. In the Microsoft Outlook window, click New.

10. In the To field, type [email protected].

11. Click in the Subject field, and then type Test Message.

12. In the message body, type Daily report, and then click Attach.
13. In the Choose File to Upload window, in the navigation pane, browse to c:\Labfiles\Mod09,
double-click file Eicar.txt, and then click Send.

14. In the Outlook window, click the icon for Adam Hobbs in the top right corner, and then click
Sign out.

15. In Internet Explorer, on the Outlook logon page, sign in as Adatum\Beth with the password
Pa55w.rd.
16. On the Language and time zone page, in the Time zone list, click (UTC-08:00) Pacific Time (US &
Canada) and then click Save.

17. In the Outlook window, open the new message from Adam Hobbs.

18. Double-click the attachment, click Open, and then click Open again.

19. Verify that the code that was in the file has been deleted and replaced by the custom text that you
configured.

20. In the Outlook window, click the icon for Beth Burke in the top right corner, and then click Sign out.
 MCT USE ONLY. STUDENT USE PROHIBITED
L9-66 Configuring antivirus, antispam, and malware protection

Task 4: Prepare for the next module

When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:

1. On the host computer, start Hyper-V Manager.

2. In the Virtual Machines list, right-click 20345-1A-LON-DC1, and then click Revert.

3. In the Revert Virtual Machine dialog box, click Revert.

4. Repeat steps 2 to 3 for 20345-1A-LON-EX1, 20345-1A-LON-EX2, and 20345-1A-LON-EDGE1.

Results: After completing this exercise, you should have configured antispam and antimalware options,
and tested these protection functionalities.
 MCT USE ONLY. STUDENT USE PROHIBITED
L10-67

Module 10: Implementing and managing Exchange Online

deployments
Lab: Managing Exchange Online
Exercise 1: Managing Exchange Online
Task 1: Create the Office 365 trial tenant
1. In the host computer, open Internet Explorer, and browse to the Office 365 Enterprise E3 business
software link: http://aka.ms/jsn2ec.

2. Select the Free trial option.

3. Select your country/region, and enter your data. If your country/region is not listed, select United
States.

4. Type in your First name and Last name, and enter an email address you have access to, then type
123-123-1234 as the business phone number, and type A. Datum Corporation as the company
name. Choose 50-249 for the organization size, and then click Next.

5. On the Create your user ID page, type your user name (for example, first letter of your last name
and your first name), and then choose a company domain name. Type the company domain name in
the following format: AdatumDATEYourInitials.onmicrosoft. (for example,
adatum2601sj.onmicrosoft.com) and use Pa55w.rd! as the password, and then click Next.

6. Provide your mobile phone number for verification, and then click Text me.

Note: You must type your working mobile phone number. If you do not have a mobile
phone, contact your instructor.

7. Type the text code that you received on your mobile phone in Enter your verification code dialog
box, and then click Create my account.

8. Review the available options on the Office 365 dashboard, and note your user ID.

Note: Make sure that you write down your user ID, because you will use it later for
signing in.

9. In Internet Explorer, browse to https://portal.office.com.

10. Log on with your previously created UserID and the password Pa55w.rd!

11. Click Admin. On the don’t lose access to your account! page, click cancel.

12. If you are connected to the previous Office 365 admin center, click the banner at the top of the page
to connect to the new Office 365 admin center.

13. Do not close the browser window.

 MCT USE ONLY. STUDENT USE PROHIBITED
L10-68 Implementing and managing Exchange Online deployments

Task 2: Manage recipient objects and Exchange Settings in Office 365

Create a user in Office365 and assign a license
1. In the host machine, in Internet Explorer, in the Office 365 admin portal, on the left navigation menu,
click Users, and then click Active Users.

2. Above the list of users, click the Add a user button.

3. On the Add a user page, enter the following information:

o First name: Art

o Last name: Odum

o Display name: Art Odum

o User name: Art

o Auto-generate password.

o Make this user change their password when they first sign in: Selected
o Product licenses: Office 365 Enterprise E3

4. Click Add. Ensure that the Send password in email check box is selected, click Send email and
close.
Create and manage distribution groups and resource mailboxes

1. In the Office 365 admin center, click Admin centers, and then click Exchange.

2. In Exchange admin center, on the recipients pane, click the groups tab.
3. Click the + icon, and then click Distribution group.

4. In the New Office 365 Group window, click the hyperlink To create a new distribution group,
click here.
5. In the Distribution Group window, in the Display name box, type IT.

6. In the Alias box, type IT.

7. Under Members, click the + icon.

8. In the Select Members window, click Art Odum, click Add, and then click OK.

9. In the Distribution Group window, click Save.

10. In the Exchange admin center, on the recipients pane, on the groups tab, on the main list pane,
double-click IT to manage the IT distribution group.

11. In the IT distribution group window, on the left pane, click membership approval.

12. On the main pane, under Choose whether owner approval is required to join the group, click
Closed: Members can be added only by the group owners. All requests to join will be rejected
automatically.

13. In the IT distribution group window, on the left pane, click message approval.

14. On the main pane, click Messages sent to this group have to be approved by a moderator, then
click the + icon under Group moderators, select Art Odum and click Add, and then click OK.

15. In the IT distribution group window, click Save.

16. In the Exchange admin center, on the recipients pane, click the resources tab.

17. Click the + icon, and then click Room mailbox.

 MCT USE ONLY. STUDENT USE PROHIBITED
Administering Microsoft Exchange Server 2016 L10-69

18. On the new room mailbox page, enter the following information, and then click Save:

o Room name: Boardroom

o Email address: Boardroom

o Location: HQ

o Capacity: 15
19. On the resources tab, in list pane, select Boardroom, and then click Edit.

20. On the Boardroom page, on the left navigation pane, click booking delegates.

21. On the booking requests pane, click Select delegates who can accept or decline booking
requests.

22. In Delegates, click the + icon, select Art Odum, and then click OK.

23. On the Boardroom page, click Save.

Manage Exchange Online settings

1. In the Exchange admin center, on the left navigation pane, click mobile, and then click mobile
device mailbox policies tab.

2. On the mobile device mailbox policies main pane, click Default (default) and then click Edit on
the menu bar.

3. On the Default page, on the left navigation pane, click security.

4. On the security page, click Require a password, click Minimum password length, and then click
Number of sign-in failures before device is wiped.

5. On the security page, click Save.

MCT USE ONLY. STUDENT USE PROHIBITED
 MCT USE ONLY. STUDENT USE PROHIBITED
L11-71

Module 11: Monitoring and troubleshooting Microsoft

Exchange Server 2016
Lab: Monitoring and troubleshooting
Exchange Server 2016
Exercise 1: Monitoring Exchange Server
Task 1: Create a new Data Collector Set that is named Exchange Monitoring
1. On LON-EX1, click the Server Manager tile.
2. In the Server Manager window, click the Tools menu, and then click Performance Monitor.

3. In the Performance Monitor window, in the navigation pane, expand Data Collector Sets, and then
click User Defined.
4. Click the Action menu, click New, and then click Data Collector Set.

5. In the Create new Data Collector Set Wizard, in the Name text box, type Exchange Monitoring,
select Create manually (Advanced), and then click Next.

6. Select Performance counter, and then click Finish.

Task 2: Create a new performance-counter Data Collector Set for monitoring basic
Exchange Server performance
1. In the Performance Monitor, in the navigation pane, expand Data Collector Sets, expand User
Defined, click Exchange Monitoring, in the Action menu, click New, and then click Data Collector.

2. In the Create New Data Collector Wizard, in the Name text box, type Base Exchange Monitoring,
select Performance counter data collector, click Next, and then click Add.
3. In the Available counters object list, expand Processor, and then click % Processor Time. Press and
hold the Ctrl key, click % User Time, click % Privileged Time, release the Ctrl key and then click
Add.
4. In the Available counters object list, expand Memory, and then click Available Mbytes. Press and
hold the Ctrl key, click the following items, release the Ctrl key, and then click Add:

o Page Reads/sec

o Pages Input/sec

o Pages/sec

o Pages Output/sec

o Pool Paged Bytes

o Transition Pages Repurposed/sec

5. In the Available counters object list, expand MSExchange ADAccess Domain Controllers, and
then click LDAP Read Time. Press and hold the Ctrl key, click the following items, and then click Add:

o LDAP Search Time

o LDAP Searches Timed Out per Minute

o Long Running LDAP Operations/min

 MCT USE ONLY. STUDENT USE PROHIBITED
L11-72 Monitoring and troubleshooting Microsoft Exchange Server 2016

6. In the Available counters object list, expand System, click Processor Queue Length, click Add, and
then click OK.
7. In the Create New Data Collector Wizard, in the Sample interval text box, type 1, in the Units
drop-down list, select Minutes, and then click Finish to create the data collector.

Task 3: Create a new performance-counter Data Collector Set for monitoring the
performance of a Mailbox server role
1. In the Performance Monitor, in the navigation pane, click Exchange Monitoring, click the Action
menu, click New, and then click Data Collector.

2. In the Create New Data Collector Wizard, in the Name text box, type Mailbox Role Monitoring,
select Performance counter data collector, click Next, and then click Add.
3. In the Available counters object list, expand LogicalDisk, and then click Avg.Disk sec/Read. Press
and hold the Ctrl key, click the following items, and then click Add:

o Avg.Disk sec/Transfer

o Avg.Disk sec/Write

4. In the Available counters object list, expand MSExchangeIS Store, and then click RPC Average
Latency. Press and hold the Ctrl key, click the following items, and then click Add:
o RPC Operations/sec

o RPC Requests

o Messages Delivered/sec
5. Click OK.

6. In the Create New Data Collector Wizard, in the Sample interval text box, type 1, and in the Units
drop-down list, select Minutes, and then click Finish to create the Data Collector Set.

Task 4: Verify that the Data Collector Set works properly

1. In the Performance Monitor, in the navigation pane, click Exchange Monitoring, click the Action
menu, and then click Start.

2. Wait at least five minutes, and then in the Action menu, click Stop.
3. In the navigation pane, expand Reports, expand User Defined, expand Exchange Monitoring, click
LON-EX1_DateTime-Number, and then review the report.

4. Close the Performance Monitor.

Results: After completing this exercise, you should have created a Data Collector Set for monitoring
LON-EX1. This set should use the recommended performance counters.

Exercise 2: Troubleshooting database availability

Task 1: Identify the problem’s scope
Before you begin this exercise, complete the following steps:
1. On LON-EX1, open the Exchange Management Shell. At the prompt, type C:\labfiles\Mod11
\Lab11-Exercise02-Prep.ps1, and then press Enter. This script will simulate database failure.
 MCT USE ONLY. STUDENT USE PROHIBITED
Administering Microsoft Exchange Server 2016 L11-73

2. On LON-EX1, start Internet Explorer from the taskbar.

3. In the Internet Explorer window, type https://lon-ex1.adatum.com/ecp, and then press Enter.
4. On the Exchange Admin Center web page, in the Username text box, type
Adatum\Administrator. In the Password text box, type Pa55w.rd, and then click Sign In.

5. In the Time zone list, click (UTC-08:00) Pacific Time (US & Canada) and click Save.
6. On the Exchange admin center, on the feature pane, click servers, and then click the databases tab.

7. In the list view, click the MailboxDB100 database, and then in the details pane, verify that it is
Dismounted.
8. On the toolbar, click More, and then click Mount.

9. In the warning window, click yes.

10. Another warning window appears, which displays a message that at least one database file is missing.
In the warning window, click cancel.

Task 2: Review the event logs

1. On LON-EX1, click Server Manager.

2. In the Server Manager window, on the Tools menu, click Event Viewer.

3. In the Event Viewer, in the navigation pane, expand Windows Logs, click Application, and then in
the Content pane, review the recent events.

4. Click the recent events that have a source from one of the MSExchange services, and then review the
details of the error in the lower half of the Content pane.

5. In the navigation pane, click System, and then in the Content pane, review recent events. Notice that
notable events are present.

6. Close the Event Viewer.

Task 3: List the probable causes of the problem, and rank possible solutions if
multiple options exist
• List the problems and possible solutions:

Problem Possible solution

Disk errors are preventing access to the Replace disks and restore from backup.
database.

Database path is incorrect because of storage Change the configuration of your storage or
changes. database.

Task 4: Review the database configuration

1. On LON-EX1, in the Exchange admin center, in the list view, verify that MailboxDB100 database is
selected, and then on the toolbar, click the Edit button.

2. Take note of the database path.

3. Click the File Explorer icon on the taskbar, and then in the navigation pane, expand Computer,
expand Local Disk (C:), expand Program Files, expand Microsoft, expand Exchange Server, expand
V15, expand Mailbox, and then verify that the folder MailboxDB100-newpath does not exist. This is
the specified location for MailboxDB100.edb.
 MCT USE ONLY. STUDENT USE PROHIBITED
L11-74 Monitoring and troubleshooting Microsoft Exchange Server 2016

4. In the navigation pane, double-click the MailboxDB100 folder, and then locate the
MailboxDB100.edb database file. This is the actual location of the database and transaction log files.
The configuration is pointing to the wrong path.

5. Close the File Explorer window.

Task 5: Reconfigure and mount the database

1. On LON-EX1, switch to the Exchange Management Shell, type the follow cmdlet, and then press
Enter:

Move-DatabasePath MailboxDB100 –LogFolderPath “C:\Program Files\Microsoft\Exchange

Server\V15\Mailbox\MailboxDB100” –EdbFilePath “C:\Program Files\Microsoft\Exchange
Server\V15\Mailbox\MailboxDB100\MailboxDB100.edb” –ConfigurationOnly –force

2. Type Y, and then press Enter.

3. In the Exchange Management Shell, type the following cmdlet, and then press Enter:

Mount-Database MailboxDB100

4. In the Exchange admin center, on the features pane, click servers, and then click the databases tab.

5. In the list view, click the MailboxDB100 database, and then in the details pane, verify that it is
Mounted.

Results: After completing this exercise, you should have used a troubleshooting technique to identify and
fix a Mailbox server problem.

Exercise 3: Troubleshooting Client Access servers

Task 1: Use the test cmdlets to verify server health
Before you begin this exercise, complete the following steps:

1. On LON-EX1, in the Exchange Management Shell, at the prompt, type C:\labfiles\Mod11\Lab11-

Exercise03-Prep.ps1, and then press Enter.

Note: If you receive warning messages after running the script, you can safely ignore
them and continue to the next step.

2. In the Exchange Management Shell, type the following Test cmdlet, and then press Enter:

Test-ServiceHealth

3. Verify that the output does not return any errors.

4. Close the Exchange Management Shell.

Task 2: Check the Outlook on the web configuration

1. On LON-EX1, close Internet Explorer.

2. On the taskbar, click the Internet Explorer icon.

3. In the Internet Explorer window, type https://lon-ex1.adatum.com/ecp, and then press Enter.
 MCT USE ONLY. STUDENT USE PROHIBITED
Administering Microsoft Exchange Server 2016 L11-75

4. On the Outlook on the web page, in the Username text box, type Adatum\Administrator, in the
Password text box, type Pa55w.rd, and then click the Sign In button.
5. Verify that you cannot sign in to the Exchange admin center.

6. In the Exchange Management Shell, type following cmdlet, and then press Enter:

Get-OwaVirtualDirectory –Identity “lon-ex1\owa (Default Web Site)" | ft name,

*authentication

7. Verify that all authentication methods are set to False.

8. In the Exchange Management Shell, type following cmdlet, and then press Enter:

Set-OwaVirtualDirectory –Identity “lon-ex1\owa (Default Web Site)" –

FormsAuthentication $true

9. In the Exchange Management Shell, type following command, and then press Enter:

iisreset

10. In the Internet Explorer window, type https://lon-ex1.adatum.com/ecp, and then press Enter.
11. In the Username text box, type Adatum\Administrator, and in the password text box, type
Pa55w.rd, and then click the sign in button.

12. Verify that now you can sign in to the Exchange admin center. If you receive a navigation error in
Internet Explorer, close and reopen Internet Explorer, and then repeat the process from step 10.

Note: If you receive an error indicating that the service did not start, start the World
Wide Web Publishing Service in the Services management console by running the following
command in the Exchange Management Shell:

Start-Service W3SVC

Task 3: Verify that you resolved the problem

1. Open Internet Explorer, and connect to https://LON-EX1.adatum.com/owa.

2. Sign in to Outlook on the web as Adatum\Administrator with the password Pa55w.rd.

3. Confirm that Administrator can now access Outlook on the web, and then close Internet Explorer.

Results: After completing this exercise, you should have used a troubleshooting technique to identify and
fix a Client Access service problem.

Task 4: Prepare for the next module

When you are finished with the lab, revert all virtual machines to their initial state:

1. On the host computer, start Hyper-V Manager.

2. In the Virtual Machines list, right-click 20345-1A-LON-EX1, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.

4. Repeat step 2 and 3 for 20345-1A-LON-DC1.

MCT USE ONLY. STUDENT USE PROHIBITED
 MCT USE ONLY. STUDENT USE PROHIBITED
L12-77

Module 12: Securing and maintaining Exchange Server 2016

Lab: Securing and maintaining Exchange
Server 2016
Exercise 1: Configuring Exchange Server permissions
Task 1: Configure Exchange server permissions for the ITAdmins group
1. On LON-EX1, open Server Manager, click Tools, and then click Active Directory Users and
Computers.

2. In the left pane, expand Adatum.com, click Microsoft Exchange Security Groups, and then in the
right pane, double-click Server Management.
3. In the Server Management Properties dialog box, click the Members tab, and then click Add.

4. In the Enter the object names to select text box, type IT, and then click OK twice.

5. Close Active Directory Users and Computers.

Task 2: Configure permissions for the SupportDesk and HRAdmins groups

1. On LON-EX1, click Start, click the Microsoft Exchange Server 2016 folder, and then click Exchange
Management Shell.
2. In the Exchange Management Shell, at the Windows PowerShell prompt, enter the following
command, and then press Enter:

New-RoleGroup -Name HRAdmins -Roles “Mail Recipients”

3. At the Windows PowerShell prompt, enter the following command, and then press Enter:

New-RoleGroup -Name SupportDesk -roles “Mail Recipients”, “Mail Recipient Creation”,

“Distribution Groups”

4. Open Internet Explorer from the taskbar, and in the address bar, type
https://LON-EX1.adatum.com/ecp, and then press Enter. Sign in as
Adatum\Administrator by using the password Pa55w.rd.

5. In the Time zone list, click (UTC-08:00) Pacific Time (US & Canada) and then click Save.

6. In the Exchange Admin Center, in the feature pane, click permissions.

7. Click the admin roles tab, and then in the list view, double-click SupportDesk.

8. In the Role Group dialog box, under Members, click Add.

9. On the Select Members page, select Rachael Macias, click add, and then click OK.

10. In the Role Group dialog box, click Save.

11. In the list view, double-click HRAdmins.

12. In the Role Group dialog box, under Members, click Add.

13. On the Select Member page, select Carmella Church, click add, and then click OK.

14. In the Role Group dialog box, click Save.

15. Close Internet Explorer.

 MCT USE ONLY. STUDENT USE PROHIBITED
L12-78 Securing and maintaining Exchange Server 2016

Task 3: Verify the permissions for the three role groups created
1. On LON-EX1, open Internet Explorer, in the address bar, type https://LON-EX1.adatum.com/ecp,
and then press Enter. Sign in as Adatum\Tonia by using the password Pa55w.rd.

2. In the feature pane, click servers.

3. Click the databases tab.

4. Click new. In the new database dialog box, in the Mailbox database text box, type Research, and
then click Browse.

5. Select LON-EX1, and click OK.

6. Click Save. If prompted to restart the information store, click OK.

7. In the feature pane, click unified messaging. Verify that you cannot create a Unified Messaging (UM)
dial plan. Remember that Tonia is part of the IT group, and therefore is able to modify server
properties but not UM settings.
8. Close Internet Explorer.

9. Open Internet Explorer, and in the address bar, type https://LON-EX1.adatum.com/ecp, and then
press Enter. Sign in as Adatum\Rachael by using the password Pa55w.rd. Recognize that in the
feature pane, there are no servers. This is because Rachael does not have permissions to manage
servers.

10. In the feature pane, click recipients.

11. Click new, and click User mailbox.

12. In the new user mailbox dialog box, click Browse. In the list view, double-click Allan Yoo. Click
Save. This confirms that Rachael can create new mailboxes.
13. Click the groups tab.

14. Select new, and click Distribution group. In the new distribution group dialog box, in the Display
name and Alias text boxes, type Research. Under Owners, click Add, and then click Alan Yoo. Click
add, click OK, and click Save.

15. In the list view, double-click Research. Verify that you can modify the group properties by typing a
group description in the Notes field, and click save.

Note: This confirms that Rachael can create new distribution groups.

16. Close Internet Explorer.

17. Open Internet Explorer, and in the address bar, type https://LON-EX1.adatum.com/ecp, and then
press Enter. Sign in as Adatum\Carmella by using the password Pa55w.rd.

18. In the feature pane, click recipients.

19. In the list view, double-click Allan Yoo.

20. In the User Mailbox dialog box, in the left pane, click organization.

21. In the Department text box, type Customer Service, and then click Save.
 MCT USE ONLY. STUDENT USE PROHIBITED
Administering Microsoft Exchange Server 2016 L12-79

22. Verify that groups are not available on the tabs because Carmella does not have permission to
manage groups.
23. Close Internet Explorer.

Results: After completing this exercise, you should have configured RBAC roles and verified that the
permissions are granted accordingly.

Exercise 2: Configuring audit logging

Task 1: Configure audit logging on the [email protected] mailbox
1. On LON-EX1, click Start, click the Microsoft Exchange Server 2016 folder, and then click Exchange
Management Shell.

2. In the Exchange Management Shell, at the Windows PowerShell prompt, type the following
command, and then press Enter:

New-Mailbox –Name Info –SamAccountName Info –Shared

3. In the Exchange Management Shell, at the Windows PowerShell prompt, type the following
command, and then press Enter:

Set-Mailbox -Identity Info -AuditDelegate SendAs,SendOnBehalf -AuditEnabled $true

4. In the Exchange Management Shell, Windows PowerShell prompt, type the following command, and
then press Enter:

Get-Mailbox Info | Add-ADPermission –User “Allan Yoo” –ExtendedRights “Send As”

5. Minimize the Exchange Management Shell.

Task 2: Perform SendAs activity on the [email protected] mailbox

1. Switch to LON-EX1, open Internet Explorer, in the address bar, type https://LON-
EX1.adatum.com/owa, and then press Enter.

2. Sign in to the Outlook on the web as Adatum\Allan by using the password Pa55w.rd.

3. In the Time zone list, click (UTC-08:00) Pacific Time (US & Canada) and then click Save.

4. Click new mail to create a new message, click More Commands, and then click Show From.

5. Right-click From, click Remove, and in the From text box, type [email protected], and in the To
text box, type Allan Yoo. In the Subject text box, type Testing Send As logging.

6. In the message body, type some text, and then click Send. Verify that the message is sent once it
shows up in the Inbox under Allan Yoo's mailbox.

7. Close Internet Explorer.

Task 3: Verify that the activity is logged

1. On LON-EX1, open Internet Explorer, in the address bar, type https://LON-EX1.adatum.com/ecp,
and then press Enter.

2. Sign in as Adatum\Administrator by using the password Pa55w.rd.

3. In the Exchange Admin Center, in the feature pane, click compliance management.
 MCT USE ONLY. STUDENT USE PROHIBITED
L12-80 Securing and maintaining Exchange Server 2016

4. Click the auditing tab.

5. Click Run a non-owner mailbox access report.

6. In the Search for access by drop-down box, click All non-owners, and then click Search.

7. In the search results, click Info, and view the report that shows that Allan Yoo accessed the Info
mailbox.

Note: If no results are returned when you run the report, wait a few minutes and start
over from step 6.

8. Click close, and close Internet Explorer.

Results: After completing this exercise, you should have configured mailbox audit logging and verified
that audit logging works correctly.

Exercise 3: Maintaining Exchange Server 2016

Task 1: Enable maintenance mode
1. On LON-EX1, switch to Exchange Management Shell.

2. To drain the transport queues, type the following command, and then press Enter:

Set-ServerComponentState LON-EX1 –Component HubTransport –State Draining –Requester

Maintenance

3. Restart the transport services by typing each of the following commands, pressing Enter after each
command:

Restart-Service MSExchangeTransport

Restart-Service MSExchangeFrontEndTransport

Note: If you receive an error running either command, run the command again until no
errors are received.

4. Redirect any pending messages to LON-EX2 by typing the following command and pressing Enter. If
prompted to confirm, select the Yes to all option, and then press Enter:

Redirect-Message –Server LON-EX1 –Target LON-EX2.adatum.com

5. Run the following command and press Enter to verify that all queues are empty before proceeding to
the next step.

Get-Queue

Note: If the queues are not empty, continue running Get-Queue until they are. For the
purposes of this exercise, you can ignore any queues with a DeliveryType of ShadowRedundancy.
 MCT USE ONLY. STUDENT USE PROHIBITED
Administering Microsoft Exchange Server 2016 L12-81

6. Place LON-EX1 in maintenance mode by typing the following command, and pressing Enter:

Set-ServerComponentState LON-EX1 -Component ServerWideOffline –State Inactive –

Requester Maintenance

7. Verify that maintenance mode is enabled by typing the following command, and pressing Enter:

Get-ServerComponentState LON-EX1 | ft Component,State -AutoSize

Task 2: Disable maintenance mode

1. On LON-EX1, switch to Exchange Management Shell.

2. Take LON-EX1 out of maintenance mode by typing the following command, and pressing Enter:

Set-ServerComponentState LON-EX1 –Component ServerWideOffline –State Active –

Requester Maintenance

3. Place the HubTransport component on LON-EX1 back to an active state by typing the following
command, and pressing Enter:

Set-ServerComponentState LON-EX1 –Component HubTransport –State Active –Requester

Maintenance

4. Restart the transport services by typing each of the following commands, pressing Enter after each
command:

Restart-Service MSExchangeTransport
Restart-Service MSExchangeFrontEndTransport

5. Verify that the maintenance mode is disabled by typing the following command, and pressing Enter:

Get-ServerComponentState LON-EX1 | ft Component,State -AutoSize

Results: After completing this exercise, you should have enabled and disabled maintenance mode for
Exchange Server 2016.

Task 3: Prepare for course completion

When you are finished with the lab, revert all virtual machines to their initial state:

1. On the host computer, start Hyper-V Manager.

2. In the Virtual Machines list, right-click LON-EX2, and then click Revert.

3. In the Revert Virtual Machine dialog box, click Revert.

4. Repeat step 2 and 3 for LON-EX1 and LON-DC1.

MCT USE ONLY. STUDENT USE PROHIBITED